CVE Alert: CVE-2025-11301 – Belkin – F9K1015
CVE-2025-11301
A weakness has been identified in Belkin F9K1015 1.00.10. This affects an unknown function of the file /goform/formWlanSetupWPS. This manipulation of the argument webpage causes buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
AI Summary Analysis
Risk verdict
High risk: remote code execution is possible over the network with low attacker privileges, and a public exploit exists.
Why this matters
Compromise of a consumer/SMB router can give an attacker control of the device and potential access to the LAN, enabling data exfiltration or pivoting to connected hosts. The combination of a high CVSS base and a publicly available exploit increases the likelihood of opportunistic attacks, especially where devices are exposed to the internet or misconfigured management interfaces remain enabled.
Most likely attack path
An attacker on the network sends a crafted request to the WPS-related endpoint, exploiting a buffer overflow to achieve code execution. The exploit does not require user interaction but relies on existing low privileges on the target, with network access as the delivery channel. If successful, the attacker gains control of the router, enabling further network access or persistence and potential lateral movement to LAN devices.
Who is most exposed
Primarily consumer and small-office routers with WPS/remote management enabled or exposed to the internet, and devices with outdated firmware lacking mitigations.
Detection ideas
- Anomalous or oversized requests to the WPS endpoint (/goform/formWlanSetupWPS).
- Router reboots or memory/CPU spikes following such requests.
- Logs showing failed or unusual WPS configuration changes or crashes.
- IDS signatures or indicators referencing the PoC patterns for this endpoint.
- Increased failed admin login attempts from external sources.
Mitigation and prioritisation
- Apply vendor firmware fixes; if unavailable, disable WPS and restrict admin access to the LAN; block WAN management where feasible.
- Enforce strong admin credentials and disable remote management exposure.
- Implement network segmentation and monitor for unexpected WPS-related configuration changes.
- Change-management: test patch in a controlled environment before wide rollout; verify logs for related indicators.
- If KEV is present or EPSS ≥ 0.5, treat as priority 1.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
