CVE-2025-11302
Published: 05 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-11302 is a buffer overflow vulnerability (CWE-119, CWE-120) affecting the Belkin F9K1015 router on firmware version 1.00.10. The flaw exists in an unknown function of the /goform/formWpsStart CGI endpoint, where manipulation of the pinCode argument triggers the overflow. Published on 2025-10-05, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability enables remote exploitation over the network with low complexity and requires only low privileges, such as those of an authenticated user, but no user interaction. Attackers can achieve high impacts on confidentiality, integrity, and availability, potentially resulting in arbitrary code execution or device takeover.
Advisories note that a proof-of-concept exploit has been publicly disclosed on GitHub, including details at https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formWpsStart.md and a POC section. VulDB references (https://vuldb.com/?ctiid.327183, https://vuldb.com/?id.327183, https://vuldb.com/?submit.661306) document the issue, but the vendor was contacted early without response, and no patches or official mitigations are available.
The exploit disclosure indicates it may be actively used in the wild, though no confirmed real-world incidents are reported in the available data.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in public-facing router web interface (/goform/formWpsStart) via remote pinCode manipulation enables exploitation of public-facing applications for initial access.