CVE-2009-20009
Published 2025-08-30
Priority: P274 | Severity: critical | CVSS 4.0 score: 9.3
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.53% (71.6th percentile)
Belkin Bulldog Plus version 4.0.2 build 1219 contains a stack-based buffer overflow vulnerability in its web service authentication handler. When a specially crafted HTTP request is sent with an oversized Authorization header, the application fails to properly validate the input length before copying it into a fixed-size buffer, resulting in memory corruption and potential remote code execution. Exploitation requires network access and does not require prior authentication.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| belkin_international_inc | bulldog_plus_ups_monitoring_software | <= 4.0.2 build 1219 | — |
Detection & IOCs (extracted from sources)
url: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/belkin_bulldog.rb
- Detect oversized HTTP Authorization headers targeting Belkin Bulldog Plus web service; a crafted request with an abnormally large Authorization header value is the exploit delivery mechanism.
- Monitor for unauthenticated inbound HTTP requests with excessively long Authorization headers directed at Belkin Bulldog Plus 4.0.2 build 1219 web service endpoints; exploitation does not require prior authentication.
- Vulnerability is specific to Belkin Bulldog Plus version 4.0.2 build 1219 only; other versions are not confirmed affected.
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/belkin_bulldog.rb
- https://s3.belkin.com/support/dl/bulldogwindows.pdf
- https://www.exploit-db.com/exploits/8173
- https://www.fortiguard.com/encyclopedia/ips/17325/belkin-bulldog-plus-web-services-buffer-overflow
- https://www.vulncheck.com/advisories/belkin-bulldog-plus-web-service-buffer-overflow