CVE-2025-7082

Name of the Vulnerable Software and Affected Versions: Belkin F9K1122 version 1.00.33

Description: A critical issue was found, affecting the function formBSSetSitesurvey of the file /goform/formBSSetSitesurvey in the component webs. The manipulation of the arguments wan ipaddr, wan netmask, wan gateway, and wl ssid can lead to OS command injection. This issue can be exploited remotely. The exploit has been publicly disclosed, and the vendor was contacted but did not respond.

Recommendations: As a temporary workaround, consider disabling the formBSSetSitesurvey function until a patch is available. Restrict access to the /goform/formBSSetSitesurvey endpoint to minimize the risk of exploitation. Avoid using the parameters wan ipaddr, wan netmask, wan gateway, and wl ssid in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.