Is there a public PoC exploit available for CVE-2025-11298?

Yes, a public proof-of-concept exploit is available for CVE-2025-11298. Prioritise patching immediately. EPSS: 0.2%.

Belkin F9K1015 CVE-2025-11298

Q: What is the CVSS score of CVE-2025-11298?

CVE-2025-11298 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.2%.

LOW

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)

2025-10-05 cna@vuldb.com

Command Injection F9K1015 Firmware

2.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

2.1 LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 29, 2026 - 01:52 vuln.today

DescriptionCVE.org

A vulnerability was determined in Belkin F9K1015 1.00.10. Impacted is an unknown function of the file /goform/formSetWanStatic. Executing a manipulation of the argument m_wan_ipaddr can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Command injection in Belkin F9K1015 firmware 1.00.10 allows authenticated remote attackers to execute arbitrary commands via manipulation of the m_wan_ipaddr parameter in the /goform/formSetWanStatic endpoint. The vulnerability has publicly available exploit code and has been disclosed despite vendor non-responsiveness. With a CVSS score of 2.1 and EPSS percentile of 42%, real-world risk is low due to authentication requirement and limited impact scope, though the public POC and command injection nature warrant monitoring.

Technical ContextAI

The Belkin F9K1015 is a wireless router that processes configuration requests through CGI-style form handlers. The /goform/formSetWanStatic endpoint handles WAN static IP configuration without proper input validation on the m_wan_ipaddr parameter. The vulnerability stems from CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component / Injection), where user-supplied input containing shell metacharacters is passed unsanitized to system command execution, likely in a shell context for network configuration. The affected firmware version 1.00.10 does not filter shell special characters (pipe, semicolon, backtick, command substitution syntax) before executing system-level network configuration commands.

RemediationAI

No vendor-released patch has been identified at time of analysis, as the vendor declined to respond to disclosure. Immediate mitigation options include: (1) Restrict network access to the management interface of the F9K1015 to trusted internal subnets via firewall rules, blocking external access to port 80/443 and the /goform/ paths; (2) Change default or configured administrative credentials to strong, unique passwords to reduce credential compromise risk; (3) Disable remote management features if available in device settings; (4) Isolate the router on a separate management VLAN with restricted access policies. Organizations unable to restrict network access should monitor for suspicious configuration changes via device logs. Contact Belkin support to request a security update or consider evaluating replacement with a maintained alternative if the device is business-critical.

CVE-2025-11298 vulnerability details – vuln.today

Back