CVE-2025-7085

Name of the Vulnerable Software and Affected Versions: Belkin F9K1122 version 1.00.33

Description: A critical issue affects the function formiNICWpsStart of the file /goform/formiNICWpsStart in the webs component. The manipulation of the pinCode argument leads to a stack-based buffer overflow. This issue can be exploited remotely. The vendor was contacted about the disclosure but did not respond.

Recommendations: For Belkin F9K1122 version 1.00.33, as a temporary workaround, consider disabling the formiNICWpsStart function until a patch is available. Restrict access to the webs component to minimize the risk of exploitation. Avoid using the pinCode argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.