CVE-2025-7093
Published 2025-07-06

Priority: P2 (70, high) | CVSS 3.1 base score: 8.8 | Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 4.09% (89.5th percentile)
A vulnerability was found in Belkin F9K1122 1.00.33. It has been declared as critical. Affected by this vulnerability is the function formSetLanguage of the file /goform/formSetLanguage of the component webs. The manipulation of the argument webpage leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| belkin | f9k1122 | — | — |
| belkin | f9k1122_firmware | — | — |
Detection & IOCs (extracted from sources)
snort

```
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Belkin formSetLanguage webpage Parameter Buffer Overflow Attempt (CVE-2025-7093)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:23; content:"/goform/formSetLanguage"; fast_pattern; http.request_body; content:"webpage|3d|"; pcre:"/^[^&]{100,}(?:&|$)/R"; reference:url,github.com/wudipjq/my_vuln; reference:cve,2025-7093; classtype:web-application-attack; sid:2063408; rev:1; metadata:affected_product Belkin, attack_target Networking_Equipment, tls_state plaintext, created_at 2025_07_10, cve CVE_2025_7093, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, updated_at 2025_07_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
```

- Exploit traffic is HTTP POST only — filter on POST method to /goform/formSetLanguage (exact URI length 23 bytes).
- The overflow is triggered via the `webpage` parameter in the POST body; look for `webpage=` followed by 100 or more non-ampersand characters as the overflow indicator.
- Traffic is expected in plaintext (no TLS); deploy detection at the network perimeter and internally.
- The vulnerability is in the `formSetLanguage` function of the `webs` component on Belkin F9K1122 firmware 1.00.33; the affected endpoint is /goform/formSetLanguage.
- The attack is remotely exploitable with no authentication implied; treat any external POST to this endpoint as high-severity.
- The affected firmware version is specifically 1.00.33; confirm device firmware before applying detections to avoid false positives on other Belkin models.
- The vendor did not respond to disclosure; no official patch is confirmed, so detection/blocking at the network perimeter is the primary mitigation.
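As an added example (not from the vulnerability tracker or the rule's author), the following Python mirrors the three conditions the sid 2063408 rule checks (POST method, exact 23-byte URI, `webpage=` followed by 100 or more non-`&` bytes) and runs them over constructed HTTP requests; the request samples and helper names are assumptions made for this illustration.

```python
"""Emulate the matching logic of the ET rule above (sid 2063408) over constructed requests.

Added example for illustration; not the tracker's or the rule author's code.
"""
import re
from dataclasses import dataclass

TARGET_URI = "/goform/formSetLanguage"  # 23 bytes, so bsize:23 forces an exact URI match
OVERFLOW_MIN_LEN = 100                  # pcre:"/^[^&]{100,}(?:&|$)/R" after "webpage="

# Same semantics as the rule: after "webpage=", 100+ non-'&' bytes up to '&' or end of body.
_WEBPAGE_RE = re.compile(rb"webpage=([^&]{" + str(OVERFLOW_MIN_LEN).encode() + rb",})(?:&|$)")


@dataclass
class HttpRequest:
    method: str
    uri: str
    body: bytes


def parse_request(raw: bytes) -> HttpRequest:
    """Minimal HTTP/1.x request parser: request line, headers (ignored here), body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0]
    method, uri, _version = request_line.split(b" ", 2)
    return HttpRequest(method.decode(), uri.decode(), body)


def matches_rule(req: HttpRequest) -> bool:
    """True only when every condition the rule checks is satisfied."""
    if req.method != "POST":            # http.method; content:"POST"
        return False
    if req.uri != TARGET_URI:           # http.uri; bsize:23; content:"/goform/formSetLanguage"
        return False
    return _WEBPAGE_RE.search(req.body) is not None   # http.request_body; content + pcre


def classify(raw: bytes) -> str:
    """Label a captured request the way an IDS would: 'alert' or 'pass'."""
    return "alert" if matches_rule(parse_request(raw)) else "pass"


def _build(uri: str, body: bytes, method: str = "POST") -> bytes:
    # Constructed sample traffic for testing; not a real capture.
    return (f"{method} {uri} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            f"Content-Length: {len(body)}\r\n\r\n").encode() + body


# Constructed samples: a normal language change, an oversized value, and a different endpoint.
BENIGN = _build(TARGET_URI, b"webpage=en&submit=1")
OVERSIZED = _build(TARGET_URI, b"webpage=" + b"A" * 120 + b"&submit=1")
OTHER_URI = _build("/goform/formLogin", b"webpage=" + b"A" * 120)
```

Run `classify()` over your own captured requests to confirm the threshold behaves as the rule describes before tuning it.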
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| NVD | 4.0 | 7.4 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| NVD | 2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Suricata

ET WEB_SPECIFIC_APPS Belkin formSetLanguage webpage Parameter Buffer Overflow Attempt (CVE-2025-7093) [HIGH]
suricata · 2025-07-10 · CVSS 7.4

Rule: identical to the sid 2063408 rule listed under Detection & IOCs above.
No public exploits indexed.
No writeups or analysis indexed.