ID

VAR-202507-0139


CVE

CVE-2025-7082


TITLE

Command injection vulnerability in Belkin International F9K1122 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-009875

DESCRIPTION

A vulnerability was found in Belkin F9K1122 1.00.33 and classified as critical. It affects the function formBSSetSitesurvey of the file /goform/formBSSetSitesurvey in the component webs. The arguments wan_ipaddr, wan_netmask, wan_gateway and wl_ssid are supplied directly by the attacker, so manipulating them leads to OS command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. The Belkin International F9K1122 firmware contains a command injection vulnerability and may be put into a denial-of-service (DoS) state. The Belkin F9K1122 is a WiFi extender. This vulnerability could allow an attacker to execute arbitrary commands.

Trust: 2.16

sources: NVD: CVE-2025-7082 // JVNDB: JVNDB-2025-009875 // CNVD: CNVD-2025-20828

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-20828

AFFECTED PRODUCTS

vendor: belkin
model: f9k1122
scope: eq
version: 1.00.33

Trust: 1.6

vendor: belkin
model: f9k1122
scope: eq
version: f9k1122 firmware 1.00.33

Trust: 0.8

vendor: belkin
model: f9k1122
scope: -
version: -

Trust: 0.8

vendor: belkin
model: f9k1122
scope: eq
version: -

Trust: 0.8

sources: CNVD: CNVD-2025-20828 // JVNDB: JVNDB-2025-009875 // NVD: CVE-2025-7082

CVSS

SEVERITY

cna@vuldb.com: CVE-2025-7082
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2025-7082
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-009875
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-20828
value: HIGH

Trust: 0.6

CVSSV2

cna@vuldb.com: CVE-2025-7082
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-009875
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-20828
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

cna@vuldb.com: CVE-2025-7082
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-7082
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-009875
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-20828 // JVNDB: JVNDB-2025-009875 // NVD: CVE-2025-7082 // NVD: CVE-2025-7082

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype:Command injection (CWE-77) [ others ]

Trust: 0.8

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-009875 // NVD: CVE-2025-7082

PATCH

title: Patch for Belkin F9K1122 Command Injection Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/730106

Trust: 0.6

sources: CNVD: CNVD-2025-20828

EXTERNAL IDS

db: NVD
id: CVE-2025-7082

Trust: 3.2

db: VULDB
id: 314996

Trust: 1.8

db: JVNDB
id: JVNDB-2025-009875

Trust: 0.8

db: CNVD
id: CNVD-2025-20828

Trust: 0.6

sources: CNVD: CNVD-2025-20828 // JVNDB: JVNDB-2025-009875 // NVD: CVE-2025-7082

REFERENCES

url:https://github.com/wudipjq/my_vuln/blob/main/belkin/vuln_2/2.md

Trust: 1.8

url:https://github.com/wudipjq/my_vuln/blob/main/belkin/vuln_2/2.md#poc

Trust: 1.8

url:https://vuldb.com/?id.314996

Trust: 1.8

url:https://vuldb.com/?submit.603672

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-7082

Trust: 1.4

url:https://vuldb.com/?ctiid.314996

Trust: 1.0

sources: CNVD: CNVD-2025-20828 // JVNDB: JVNDB-2025-009875 // NVD: CVE-2025-7082

SOURCES

db: CNVD, id: CNVD-2025-20828
db: JVNDB, id: JVNDB-2025-009875
db: NVD, id: CVE-2025-7082

LAST UPDATE DATE

2025-09-10T23:22:20.393000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-20828, date: 2025-09-09T00:00:00
db: JVNDB, id: JVNDB-2025-009875, date: 2025-07-25T04:46:00
db: NVD, id: CVE-2025-7082, date: 2025-07-09T17:35:38.157

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-20828, date: 2025-09-09T00:00:00
db: JVNDB, id: JVNDB-2025-009875, date: 2025-07-25T00:00:00
db: NVD, id: CVE-2025-7082, date: 2025-07-06T14:15:28.607