Details of VAR-202507-0059

ID

VAR-202507-0059

CVE

CVE-2025-7084

TITLE

Belkin International of F9K1122 Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-009877

DESCRIPTION

A vulnerability was found in Belkin F9K1122 1.00.33. It has been declared as critical. This vulnerability affects the function formWpsStart of the file /goform/formWpsStart of the component webs. The manipulation of the argument pinCode leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Belkin International of F9K1122 The firmware contains a buffer error vulnerability and a stack-based buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The Belkin F9K1122 is a WiFi extender manufactured by Belkin, a Canadian company. Detailed vulnerability details are not currently available

Trust: 2.16

sources: NVD: CVE-2025-7084 // JVNDB: JVNDB-2025-009877 // CNVD: CNVD-2025-20838

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-20838

AFFECTED PRODUCTS

vendor:	belkin	model:	f9k1122	scope:	eq	version:	1.00.33	Trust: 1.6
vendor:	belkin	model:	f9k1122	scope:	eq	version:	f9k1122 firmware 1.00.33	Trust: 0.8
vendor:	belkin	model:	f9k1122	scope:	-	version:	-	Trust: 0.8
vendor:	belkin	model:	f9k1122	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2025-20838 // JVNDB: JVNDB-2025-009877 // NVD: CVE-2025-7084

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-7084
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-009877
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-20838
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-7084
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-009877
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-20838
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-7084
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-009877
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-20838 // JVNDB: JVNDB-2025-009877 // NVD: CVE-2025-7084

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-121	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-009877 // NVD: CVE-2025-7084

PATCH

title:

Patch for Belkin F9K1122 Stack Buffer Overflow Vulnerability (CNVD-2025-20838)

url:

https://www.cnvd.org.cn/patchInfo/show/730156

Trust: 0.6

sources: CNVD: CNVD-2025-20838

EXTERNAL IDS

db:	NVD	id:	CVE-2025-7084	Trust: 3.2
db:	VULDB	id:	314998	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-009877	Trust: 0.8
db:	CNVD	id:	CNVD-2025-20838	Trust: 0.6

sources: CNVD: CNVD-2025-20838 // JVNDB: JVNDB-2025-009877 // NVD: CVE-2025-7084

REFERENCES

url:	https://github.com/wudipjq/my_vuln/blob/main/belkin/vuln_4/4.md	Trust: 1.8
url:	https://github.com/wudipjq/my_vuln/blob/main/belkin/vuln_4/4.md#poc	Trust: 1.8
url:	https://vuldb.com/?id.314998	Trust: 1.8
url:	https://vuldb.com/?submit.603674	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-7084	Trust: 1.4
url:	https://vuldb.com/?ctiid.314998	Trust: 1.0

sources: CNVD: CNVD-2025-20838 // JVNDB: JVNDB-2025-009877 // NVD: CVE-2025-7084

SOURCES

db:	CNVD	id:	CNVD-2025-20838
db:	JVNDB	id:	JVNDB-2025-009877
db:	NVD	id:	CVE-2025-7084

LAST UPDATE DATE

2025-09-10T23:40:13.334000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-20838	date:	2025-09-09T00:00:00
db:	JVNDB	id:	JVNDB-2025-009877	date:	2025-07-25T04:47:00
db:	NVD	id:	CVE-2025-7084	date:	2025-07-09T17:35:15.507

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-20838	date:	2025-09-09T00:00:00
db:	JVNDB	id:	JVNDB-2025-009877	date:	2025-07-25T00:00:00
db:	NVD	id:	CVE-2025-7084	date:	2025-07-06T16:15:28.447