Belkin F9K1015 CVE-2025-11292
Severity by source: LOW
CVSS vector (NVD): CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD; only source for this CVE.
Description (CVE.org)
A weakness has been identified in Belkin F9K1015 1.00.10. Affected is an unknown function of the file /goform/formBSSetSitesurvey. Executing a manipulation of the argument wan_ipaddr can lead to command injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis (AI)
Command injection in Belkin F9K1015 firmware 1.00.10 lets an authenticated remote attacker run arbitrary operating-system commands on the router by manipulating the wan_ipaddr parameter of the /goform/formBSSetSitesurvey form handler. The CVSS 4.0 vector requires valid credentials (PR:L) and no user interaction (UI:N), rates the impact on the device itself low (VC:L/VI:L/VA:L) and records no impact on subsequent systems (SC:N/SI:N/SA:N); a public exploit exists (E:P) and the vendor has not responded to disclosure. Note that command execution on an embedded router typically runs in the context of a root-level web server process, so treat the low impact ratings as a scoring convention rather than a measure of what an attacker can do once a command runs on the device.
Technical Context (AI)
The vulnerability exists in the web administration interface of the Belkin F9K1015 wireless router (CPE: cpe:2.3:o:belkin:f9k1015_firmware:1.00.10). The underlying weakness is CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component), here manifesting as OS command injection in a form parameter. The /goform/ prefix is the form-handler convention of the GoAhead-style embedded web servers common in consumer routers; the handler behind /goform/formBSSetSitesurvey takes the wan_ipaddr argument without validating that it is an IP address literal and passes it into a downstream command execution mechanism (typically a shell command line built with sprintf-style formatting and handed to system() or popen()). Because the value is interpolated into a string that a shell later parses, an authenticated user can append shell metacharacters such as ;, |, & or backticks and execute arbitrary commands on the router.
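The following C example is added here to illustrate the flaw class described above and its correct fix; it is a hypothetical reconstruction, not Belkin's code, and the command line, interface name and function names are assumed. It builds (but never executes) the kind of shell command an unvalidated wan_ipaddr would be formatted into, shows why a one-character blacklist is not a fix, and contrasts that with an allowlist check via inet_pton() plus an argv that can be run with execvp() so no shell ever sees the value.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Any character a POSIX shell treats specially: separators, substitution,
 * redirection, quoting, whitespace. Returns 1 if one is present. */
int has_shell_meta(const char *s)
{
    return strpbrk(s, ";|&`$(){}<>\"'\\ \t\r\n") != NULL;
}

/* Hypothetical vulnerable handler shape (not Belkin's code): the untrusted
 * parameter is formatted into a shell command line that firmware would then
 * pass to system(). This function only builds the string; nothing is run. */
int build_wan_cmd_vulnerable(char *out, size_t outlen, const char *wan_ipaddr)
{
    int n = snprintf(out, outlen, "ifconfig eth1 %s netmask 255.255.255.0", wan_ipaddr);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* A common but inadequate "fix": rejecting a single separator. A payload
 * using '|', '&', '`' or "$(...)" still reaches the shell. Returns 1 = accept. */
int accept_if_no_semicolon(const char *wan_ipaddr)
{
    return strchr(wan_ipaddr, ';') == NULL;
}

/* Allowlist check: accept only a dotted-quad IPv4 literal as parsed by
 * inet_pton(). Anything else, including trailing garbage, is rejected. */
int is_valid_ipv4(const char *s)
{
    struct in_addr a;
    return inet_pton(AF_INET, s, &a) == 1;
}

/* Hardened handler: validate against the allowlist, then build an argv so the
 * caller can fork()/execvp() the program directly and no shell parses the
 * value. Fills argv (6 slots, NULL-terminated) and returns 0, or -1 on reject. */
int build_wan_argv_safe(const char *wan_ipaddr, const char *argv[6])
{
    if (!is_valid_ipv4(wan_ipaddr))
        return -1;
    argv[0] = "ifconfig";
    argv[1] = "eth1";
    argv[2] = wan_ipaddr;
    argv[3] = "netmask";
    argv[4] = "255.255.255.0";
    argv[5] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a benign address and a pipe-based injection payload. */
    const char *benign = "203.0.113.7";
    const char *payload = "203.0.113.7|telnetd -l /bin/sh";
    char cmd[256];
    const char *argv[6];

    build_wan_cmd_vulnerable(cmd, sizeof cmd, payload);
    printf("vulnerable command line: %s\n", cmd);
    printf("payload has shell metacharacters: %d\n", has_shell_meta(payload));
    printf("semicolon blacklist lets payload through: %d\n", accept_if_no_semicolon(payload));
    printf("allowlist accepts benign: %d, rejects payload: %d\n",
           build_wan_argv_safe(benign, argv) == 0,
           build_wan_argv_safe(payload, argv) == -1);
    return 0;
}
```

The design point is that the allowlist plus execvp() makes the class of bug impossible rather than filtering known-bad characters: once the value is proven to be an IPv4 literal and is passed as its own argv element, there is no string for a shell to reinterpret.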
Remediation (AI)
No vendor-released patch was identified at the time of analysis: Belkin has not responded to the early disclosure and has not issued a firmware update for this vulnerability. Compensating controls are therefore required:
(1) Restrict access to the F9K1015 web interface (TCP ports 80 and 443) with a firewall rule or network segmentation so that only trusted management hosts or subnets can reach it.
(2) Replace the default administrative credentials with a strong, unique password that is not shared across devices, and audit for common weak passwords; because exploitation requires valid credentials, credential hygiene directly raises the bar.
(3) If the router is internet-facing, disable remote (WAN-side) management, typically found in the web UI under Administration or Remote Management. This removes exposure from untrusted networks, but it does not eliminate the AV:N vector: any host on the LAN that can reach the web interface can still exploit the flaw, so (1) and (2) remain necessary.
(4) If the router or an upstream proxy/IDS supports logging, monitor for requests to /goform/formBSSetSitesurvey whose wan_ipaddr value is not a plain IPv4 address; shell metacharacters in that parameter are a direct indicator of exploitation attempts.
(5) Consider replacing the F9K1015 with a supported model from Belkin or another vendor that still receives security updates, since no fix is expected for this device.
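As an added example for the monitoring step (not part of the advisory or any Belkin tooling), the C program below scans constructed request records and flags the ones that target the vulnerable handler with a wan_ipaddr value that does not decode to an IPv4 literal. The record format ("client method path form-body", one per line) is an assumption standing in for whatever a proxy or IDS in front of the admin interface would log; the router itself may not record form bodies, and the sample lines are constructed for this example.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample records in the assumed "client method path body" format. */
const char *SAMPLE_LOG[] = {
    "192.168.2.10 POST /goform/formBSSetSitesurvey wan_ipaddr=203.0.113.7&wan_mask=255.255.255.0",
    "192.168.2.10 POST /goform/formBSSetSitesurvey wan_ipaddr=203.0.113.7%3Btelnetd+-l+%2Fbin%2Fsh&wan_mask=255.255.255.0",
    "192.168.2.10 POST /goform/formBSSetSitesurvey wan_mask=255.255.255.0&wan_ipaddr=%60reboot%60",
    "192.168.2.11 GET /index.asp -",
};
const size_t SAMPLE_LOG_COUNT = sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0];

/* Percent-decode src into dst ('+' becomes a space). Returns bytes written. */
size_t url_decode(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;
    for (size_t i = 0; src[i] && o + 1 < dstlen; i++) {
        if (src[i] == '%' && isxdigit((unsigned char)src[i + 1]) &&
            isxdigit((unsigned char)src[i + 2])) {
            char hex[3] = { src[i + 1], src[i + 2], 0 };
            dst[o++] = (char)strtol(hex, NULL, 16);
            i += 2;
        } else if (src[i] == '+') {
            dst[o++] = ' ';
        } else {
            dst[o++] = src[i];
        }
    }
    dst[o] = 0;
    return o;
}

/* Copy the raw (still-encoded) value of name=... from an &-separated body.
 * Returns 1 if the parameter was present, 0 otherwise. */
int find_param(const char *body, const char *name, char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    const char *p = body;
    while (*p) {
        const char *end = strchr(p, '&');
        size_t plen = end ? (size_t)(end - p) : strlen(p);
        if (plen > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            size_t vlen = plen - nlen - 1;
            if (vlen >= outlen)
                vlen = outlen - 1;
            memcpy(out, p + nlen + 1, vlen);
            out[vlen] = 0;
            return 1;
        }
        if (!end)
            break;
        p = end + 1;
    }
    return 0;
}

/* Returns 1 if the record hits /goform/formBSSetSitesurvey with a wan_ipaddr
 * whose decoded value is not a dotted-quad IPv4 literal (shell metacharacters
 * or any other garbage fail inet_pton), 0 otherwise. */
int is_suspicious_record(const char *line)
{
    static const char target[] = "/goform/formBSSetSitesurvey";
    char client[64], method[8], path[256], body[1024], raw[512], val[512];
    struct in_addr a;

    if (sscanf(line, "%63s %7s %255s %1023s", client, method, path, body) != 4)
        return 0;
    if (strncmp(path, target, sizeof target - 1) != 0)
        return 0;
    if (!find_param(body, "wan_ipaddr", raw, sizeof raw))
        return 0;
    url_decode(raw, val, sizeof val);
    return inet_pton(AF_INET, val, &a) != 1;
}

/* Count suspicious records across a batch of lines. */
int count_suspicious(const char **lines, size_t n)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += is_suspicious_record(lines[i]);
    return hits;
}

int main(void)
{
    for (size_t i = 0; i < SAMPLE_LOG_COUNT; i++)
        printf("%s  <- %s\n", SAMPLE_LOG[i],
               is_suspicious_record(SAMPLE_LOG[i]) ? "SUSPICIOUS" : "ok");
    printf("%d suspicious record(s)\n", count_suspicious(SAMPLE_LOG, SAMPLE_LOG_COUNT));
    return 0;
}
```

Checking the decoded value against inet_pton() rather than a list of bad characters mirrors the allowlist the handler itself should have applied, so the detector does not need updating for every new encoding or metacharacter trick; the trade-off is that it only covers this one parameter and endpoint.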
External POC / Exploit Code