CVE-2025-7081

Name of the Vulnerable Software and Affected Versions: Belkin F9K1122 version 1.00.33

Description: A critical issue has been found, affecting the function formSetWanStatic of the file /goform/formSetWanStatic in the component webs. The manipulation of the arguments m wan ipaddr, m wan netmask, m wan gateway, m wan staticdns1, and m wan staticdns2 can be directly controlled by an attacker, leading to os command injection. This issue can be exploited remotely.

Recommendations: For Belkin F9K1122 version 1.00.33, as a temporary workaround, consider restricting access to the /goform/formSetWanStatic endpoint to minimize the risk of exploitation. Avoid using the arguments m wan ipaddr, m wan netmask, m wan gateway, m wan staticdns1, and m wan staticdns2 in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.