Details of VAR-202508-0193

ID

VAR-202508-0193

CVE

CVE-2025-8730

TITLE

Belkin F9K1009 and Belkin F9K1010 Hardcoded Credentials Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-23130

DESCRIPTION

A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. The Belkin F9K1009 and Belkin F9K1010 are both wireless routers manufactured by Belkin, a Canadian company. The Belkin F9K1009 and Belkin F9K1010 have a hardcoded credential vulnerability that could allow an attacker to gain access to the devices

Trust: 1.44

sources: NVD: CVE-2025-8730 // CNVD: CNVD-2025-23130

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-23130

AFFECTED PRODUCTS

vendor:	belkin	model:	f9k1009	scope:	eq	version:	2.00.04	Trust: 0.6
vendor:	belkin	model:	f9k1009	scope:	eq	version:	2.00.09	Trust: 0.6
vendor:	belkin	model:	f9k1010	scope:	eq	version:	2.00.04	Trust: 0.6
vendor:	belkin	model:	f9k1010	scope:	eq	version:	2.00.09	Trust: 0.6

sources: CNVD: CNVD-2025-23130

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-8730
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2025-23130
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-8730
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2025-23130
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-8730
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2025-23130 // NVD: CVE-2025-8730

PROBLEMTYPE DATA

problemtype:	CWE-798	Trust: 1.0
problemtype:	CWE-259	Trust: 1.0

sources: NVD: CVE-2025-8730

PATCH

title:

Patch for Belkin F9K1009 and Belkin F9K1010 Hardcoded Credentials Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/740561

Trust: 0.6

sources: CNVD: CNVD-2025-23130

EXTERNAL IDS

db:	NVD	id:	CVE-2025-8730	Trust: 1.6
db:	VULDB	id:	319226	Trust: 1.0
db:	CNVD	id:	CNVD-2025-23130	Trust: 0.6

sources: CNVD: CNVD-2025-23130 // NVD: CVE-2025-8730

REFERENCES

url:	https://github.com/nicholas-wei/bug-discovery/blob/main/belkin/f9k1009_ww_2.00.09/belkin%20f9k1009_ww_2.00.09_hardcoded_credential.pdf	Trust: 1.0
url:	https://vuldb.com/?id.319226	Trust: 1.0
url:	https://vuldb.com/?submit.621760	Trust: 1.0
url:	https://vuldb.com/?submit.621747	Trust: 1.0
url:	https://vuldb.com/?ctiid.319226	Trust: 1.0
url:	https://vuldb.com/?submit.621748	Trust: 1.0
url:	https://github.com/nicholas-wei/bug-discovery/blob/main/belkin/f9k1010_ww_2.00.04/belkin_f9k1010_ww_2.00.04_hardcoded_credential.pdf	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-8730	Trust: 0.6

sources: CNVD: CNVD-2025-23130 // NVD: CVE-2025-8730

SOURCES

db:	CNVD	id:	CNVD-2025-23130
db:	NVD	id:	CVE-2025-8730

LAST UPDATE DATE

2025-10-10T23:41:48.815000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-23130	date:	2025-10-09T00:00:00
db:	NVD	id:	CVE-2025-8730	date:	2025-08-08T20:30:18.180

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-23130	date:	2025-10-09T00:00:00
db:	NVD	id:	CVE-2025-8730	date:	2025-08-08T15:15:29.217