CVE-2025-7081

MEDIUM EXPLOITED

Belkin F9K1122 1.00.33 - OS Command Injection via formSetWanStatic Parameters

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2025-7081 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this vulnerability is the function formSetWanStatic of the file /goform/formSetWanStatic of the component webs. The manipulation of the argument m_wan_ipaddr/m_wan_netmask/m_wan_gateway/m_wan_staticdns1/m_wan_staticdns2 is directly passed by the attacker/so we can control the m_wan_ipaddr/m_wan_netmask/m_wan_gateway/m_wan_staticdns1/m_wan_staticdns2 leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.314995
Permissions Required signature permissions-required
https://vuldb.com/?ctiid.314995
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.603669

Scores

CVSS v3 6.3
EPSS 0.1522
EPSS Percentile 96.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

VulnCheck KEV 2026-01-23
CWE
CWE-77 CWE-78
Status published
Products (1)
belkin/f9k1122_firmware 1.00.33
Published Jul 06, 2025
Tracked Since Feb 18, 2026