ID

VAR-202507-0020


CVE

CVE-2025-7081


TITLE

Command injection vulnerability in Belkin International F9K1122 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-009874

DESCRIPTION

A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. It affects the function formSetWanStatic of the file /goform/formSetWanStatic of the component webs. The arguments m_wan_ipaddr, m_wan_netmask, m_wan_gateway, m_wan_staticdns1 and m_wan_staticdns2 are supplied directly by the attacker and are therefore attacker-controlled; manipulating them leads to OS command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. The Belkin International F9K1122 firmware contains a command injection vulnerability. The device may be put into a denial-of-service (DoS) state. The Belkin F9K1122 is a WiFi extender manufactured by Belkin, a Canadian company. This vulnerability allows an attacker to execute arbitrary commands.

Trust: 2.16

sources: NVD: CVE-2025-7081 // JVNDB: JVNDB-2025-009874 // CNVD: CNVD-2025-20834

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-20834

AFFECTED PRODUCTS

vendor: belkin, model: f9k1122, scope: eq, version: 1.00.33

Trust: 1.6

vendor: belkin, model: f9k1122, scope: eq, version: f9k1122 firmware 1.00.33

Trust: 0.8

vendor: belkin, model: f9k1122, scope: -, version: -

Trust: 0.8

vendor: belkin, model: f9k1122, scope: eq, version: -

Trust: 0.8

sources: CNVD: CNVD-2025-20834 // JVNDB: JVNDB-2025-009874 // NVD: CVE-2025-7081

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-7081
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2025-7081
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-009874
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-20834
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-7081
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-009874
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-20834
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-7081
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-7081
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-009874
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-20834 // JVNDB: JVNDB-2025-009874 // NVD: CVE-2025-7081 // NVD: CVE-2025-7081

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-009874 // NVD: CVE-2025-7081

PATCH

title: Patch for Belkin F9K1122 Command Injection Vulnerability (CNVD-2025-20834), url: https://www.cnvd.org.cn/patchInfo/show/730136

Trust: 0.6

sources: CNVD: CNVD-2025-20834

EXTERNAL IDS

db: NVD, id: CVE-2025-7081

Trust: 3.2

db: VULDB, id: 314995

Trust: 1.8

db: JVNDB, id: JVNDB-2025-009874

Trust: 0.8

db: CNVD, id: CNVD-2025-20834

Trust: 0.6

sources: CNVD: CNVD-2025-20834 // JVNDB: JVNDB-2025-009874 // NVD: CVE-2025-7081

REFERENCES

url:https://github.com/wudipjq/my_vuln/blob/main/belkin/vuln_1/1.md

Trust: 1.8

url:https://github.com/wudipjq/my_vuln/blob/main/belkin/vuln_1/1.md#poc

Trust: 1.8

url:https://vuldb.com/?id.314995

Trust: 1.8

url:https://vuldb.com/?submit.603669

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-7081

Trust: 1.4

url:https://vuldb.com/?ctiid.314995

Trust: 1.0

sources: CNVD: CNVD-2025-20834 // JVNDB: JVNDB-2025-009874 // NVD: CVE-2025-7081

SOURCES

db: CNVD, id: CNVD-2025-20834
db: JVNDB, id: JVNDB-2025-009874
db: NVD, id: CVE-2025-7081

LAST UPDATE DATE

2025-09-10T23:39:47.902000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-20834, date: 2025-09-09T00:00:00
db: JVNDB, id: JVNDB-2025-009874, date: 2025-07-25T04:45:00
db: NVD, id: CVE-2025-7081, date: 2025-07-09T17:35:47.690

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-20834, date: 2025-09-09T00:00:00
db: JVNDB, id: JVNDB-2025-009874, date: 2025-07-25T00:00:00
db: NVD, id: CVE-2025-7081, date: 2025-07-06T14:15:28.413