CVE-2025-11301
Published: 05 October 2025
Summary
CVE-2025-11301 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Belkin F9K1015 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 43.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely remediation of the buffer overflow flaw in the /goform/formWlanSetupWPS function via firmware patching or replacement.
Mandates validation of the 'webpage' argument to block malformed inputs that trigger the buffer overflow in the WPS web handler.
Deploys memory protections such as ASLR, DEP, and stack canaries to mitigate exploitation of the buffer overflow vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in the public-facing web interface (/goform/formWlanSetupWPS) of Belkin F9K1015 router enables remote exploitation for initial access, with public PoC available.
NVD Description
A weakness has been identified in Belkin F9K1015 1.00.10. This affects an unknown function of the file /goform/formWlanSetupWPS. This manipulation of the argument webpage causes buffer overflow. The attack can be initiated remotely. The exploit has been made available to…
more
the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-11301 is a buffer overflow vulnerability in the Belkin F9K1015 router running firmware version 1.00.10. The flaw affects an unknown function in the /goform/formWlanSetupWPS file, where manipulation of the "webpage" argument triggers the overflow. It is classified under CWE-119 and CWE-120, with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability enables remote exploitation by an attacker possessing low privileges, such as a authenticated user on the network. Successful exploitation can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution or full device compromise.
Advisories from VulDB (ctiid.327182, id.327182) and related submissions document the issue, while a proof-of-concept exploit is publicly available on GitHub at https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formWlanSetupWPS.md and the #poc section. The vendor was contacted early regarding disclosure but provided no response, and no patches or mitigations are referenced.
The exploit's public availability increases the risk of real-world attacks against unpatched devices.
Details
- CWE(s)