{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-7084","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-07-05T15:24:26.861Z","datePublished":"2025-07-06T16:02:05.557Z","dateUpdated":"2025-07-07T16:03:36.843Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-07-06T16:02:05.557Z"},"title":"Belkin F9K1122 webs formWpsStart stack-based overflow","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-121","lang":"en","description":"Stack-based Buffer Overflow"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-119","lang":"en","description":"Memory Corruption"}]}],"affected":[{"vendor":"Belkin","product":"F9K1122","versions":[{"version":"1.00.33","status":"affected"}],"modules":["webs"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in Belkin F9K1122 1.00.33. It has been declared as critical. This vulnerability affects the function formWpsStart of the file /goform/formWpsStart of the component webs. The manipulation of the argument pinCode leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"In Belkin F9K1122 1.00.33 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion formWpsStart der Datei /goform/formWpsStart der Komponente webs. Mit der Manipulation des Arguments pinCode mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":8.7,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","baseSeverity":"HIGH"}},{"cvssV3_1":{"version":"3.1","baseScore":8.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":9,"vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-07-05T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-07-05T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-07-05T17:30:09.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Bond (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.314998","name":"VDB-314998 | Belkin F9K1122 webs formWpsStart stack-based overflow","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.314998","name":"VDB-314998 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.603674","name":"Submit #603674 | Belkin F9K1122 1.00.33 Stack-based Buffer Overflow","tags":["third-party-advisory"]},{"url":"https://github.com/wudipjq/my_vuln/blob/main/Belkin/vuln_4/4.md","tags":["related"]},{"url":"https://github.com/wudipjq/my_vuln/blob/main/Belkin/vuln_4/4.md#poc","tags":["exploit"]}]},"adp":[{"references":[{"url":"https://github.com/wudipjq/my_vuln/blob/main/Belkin/vuln_4/4.md","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-07T16:03:31.316273Z","id":"CVE-2025-7084","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-07T16:03:36.843Z"}}]}}