CVE-2025-7091

Name of the Vulnerable Software and Affected Versions: Belkin F9K1122 version 1.00.33

Description: A critical issue has been found in the function formWlanMP of the file /goform/formWlanMP of the component webs. The manipulation of the arguments ateFunc, ateGain, ateTxCount, ateChan, ateRate, ateMacID, e2pTxPower1, e2pTxPower2, e2pTxPower3, e2pTxPower4, e2pTxPower5, e2pTxPower6, e2pTxPower7, e2pTx2Power1, e2pTx2Power2, e2pTx2Power3, e2pTx2Power4, e2pTx2Power5, e2pTx2Power6, e2pTx2Power7, ateTxFreqOffset, ateMode, ateBW, ateAntenna, e2pTxFreqOffset, e2pTxPwDeltaB, e2pTxPwDeltaG, e2pTxPwDeltaMix, e2pTxPwDeltaN, readE2P leads to a stack-based buffer overflow. This issue can be exploited remotely. The exploit has been publicly disclosed, and the vendor was contacted but did not respond.

Recommendations: As a temporary workaround, consider disabling the formWlanMP function in the /goform/formWlanMP file of the webs component until a patch is available. Restrict access to the vulnerable component to minimize the risk of exploitation. Avoid using the arguments ateFunc, ateGain, ateTxCount, ateChan, ateRate, ateMacID, e2pTxPower1, e2pTxPower2, e2pTxPower3, e2pTxPower4, e2pTxPower5, e2pTxPower6, e2pTxPower7, e2pTx2Power1, e2pTx2Power2, e2pTx2Power3, e2pTx2Power4, e2pTx2Power5, e2pTx2Power6, e2pTx2Power7, ateTxFreqOffset, ateMode, ateBW, ateAntenna, e2pTxFreqOffset, e2pTxPwDeltaB, e2pTxPwDeltaG, e2pTxPwDeltaMix, e2pTxPwDeltaN, readE2P in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.