Sign-up

ID

VAR-202507-0058


CVE

CVE-2025-7091


TITLE

Belkin International  of  F9K1122  Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-009881

DESCRIPTION

A vulnerability was found in Belkin F9K1122 1.00.33. It has been classified as critical. Affected is the function formWlanMP of the file /goform/formWlanMP of the component webs. The manipulation of the argument ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1/e2pTxPower2/e2pTxPower3/e2pTxPower4/e2pTxPower5/e2pTxPower6/e2pTxPower7/e2pTx2Power1/e2pTx2Power2/e2pTx2Power3/e2pTx2Power4/e2pTx2Power5/e2pTx2Power6/e2pTx2Power7/ateTxFreqOffset/ateMode/ateBW/ateAntenna/e2pTxFreqOffset/e2pTxPwDeltaB/e2pTxPwDeltaG/e2pTxPwDeltaMix/e2pTxPwDeltaN/readE2P leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Belkin International of F9K1122 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Belkin F9K1122 is a WiFi extender manufactured by Belkin, a Canadian company. Detailed vulnerability details are not currently available

Trust: 2.16

sources: NVD: CVE-2025-7091 // JVNDB: JVNDB-2025-009881 // CNVD: CNVD-2025-20836

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-20836

AFFECTED PRODUCTS

vendor:belkinmodel:f9k1122scope:eqversion:1.00.33

Trust: 1.6

vendor:belkinmodel:f9k1122scope:eqversion:f9k1122 firmware 1.00.33

Trust: 0.8

vendor:belkinmodel:f9k1122scope: - version: -

Trust: 0.8

vendor:belkinmodel:f9k1122scope:eqversion: -

Trust: 0.8

sources: CNVD: CNVD-2025-20836 // JVNDB: JVNDB-2025-009881 // NVD: CVE-2025-7091

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-7091
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-009881
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-20836
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-7091
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-009881
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-20836
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-7091
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-009881
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-20836 // JVNDB: JVNDB-2025-009881 // NVD: CVE-2025-7091

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-009881 // NVD: CVE-2025-7091

PATCH

title:Patch for Belkin F9K1122 Stack Buffer Overflow Vulnerability (CNVD-2025-20836)url:https://www.cnvd.org.cn/patchInfo/show/730146

Trust: 0.6

sources: CNVD: CNVD-2025-20836

EXTERNAL IDS

db:NVDid:CVE-2025-7091

Trust: 3.2

db:VULDBid:315006

Trust: 1.8

db:JVNDBid:JVNDB-2025-009881

Trust: 0.8

db:CNVDid:CNVD-2025-20836

Trust: 0.6

sources: CNVD: CNVD-2025-20836 // JVNDB: JVNDB-2025-009881 // NVD: CVE-2025-7091

REFERENCES

url:https://github.com/wudipjq/my_vuln/blob/main/belkin/vuln_11/11.md

Trust: 1.8

url:https://github.com/wudipjq/my_vuln/blob/main/belkin/vuln_11/11.md#poc

Trust: 1.8

url:https://vuldb.com/?id.315006

Trust: 1.8

url:https://vuldb.com/?submit.603700

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-7091

Trust: 1.4

url:https://vuldb.com/?ctiid.315006

Trust: 1.0

sources: CNVD: CNVD-2025-20836 // JVNDB: JVNDB-2025-009881 // NVD: CVE-2025-7091

SOURCES

db:CNVDid:CNVD-2025-20836
db:JVNDBid:JVNDB-2025-009881
db:NVDid:CVE-2025-7091

LAST UPDATE DATE

2025-09-10T23:32:52.104000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-20836date:2025-09-09T00:00:00
db:JVNDBid:JVNDB-2025-009881date:2025-07-25T04:50:00
db:NVDid:CVE-2025-7091date:2025-07-09T17:25:38.590

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-20836date:2025-09-09T00:00:00
db:JVNDBid:JVNDB-2025-009881date:2025-07-25T00:00:00
db:NVDid:CVE-2025-7091date:2025-07-06T20:15:23.800