CVE-2025-11302
Published: 05 October 2025
Summary
CVE-2025-11302 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Belkin F9K1015 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 41.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates buffer overflow by enforcing validation of the pinCode argument in the /goform/formWpsStart endpoint to reject malformed inputs.
Implements memory protections like stack canaries, ASLR, and DEP to prevent exploitation of the buffer overflow for arbitrary code execution.
Requires timely flaw remediation through patching or replacement of the vulnerable Belkin F9K1015 firmware version 1.00.10.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public-facing router web interface (/goform/formWpsStart) via remote pinCode manipulation enables exploitation of public-facing applications for initial access.
NVD Description
A security vulnerability has been detected in Belkin F9K1015 1.00.10. This impacts an unknown function of the file /goform/formWpsStart. Such manipulation of the argument pinCode leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed…
more
publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-11302 is a buffer overflow vulnerability (CWE-119, CWE-120) affecting the Belkin F9K1015 router on firmware version 1.00.10. The flaw exists in an unknown function of the /goform/formWpsStart CGI endpoint, where manipulation of the pinCode argument triggers the overflow. Published on 2025-10-05, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability enables remote exploitation over the network with low complexity and requires only low privileges, such as those of an authenticated user, but no user interaction. Attackers can achieve high impacts on confidentiality, integrity, and availability, potentially resulting in arbitrary code execution or device takeover.
Advisories note that a proof-of-concept exploit has been publicly disclosed on GitHub, including details at https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formWpsStart.md and a POC section. VulDB references (https://vuldb.com/?ctiid.327183, https://vuldb.com/?id.327183, https://vuldb.com/?submit.661306) document the issue, but the vendor was contacted early without response, and no patches or official mitigations are available.
The exploit disclosure indicates it may be actively used in the wild, though no confirmed real-world incidents are reported in the available data.
Details
- CWE(s)