CVE-2025-11302 is a buffer overflow vulnerability identified in the Belkin F9K1015 router firmware version 1.00.10. The vulnerability resides in the handling of the pinCode argument within the /goform/formWpsStart endpoint, which is part of the router's WPS (Wi-Fi Protected Setup) functionality. By sending a specially crafted request to this endpoint, an attacker can cause a buffer overflow condition, potentially leading to arbitrary code execution on the device. The vulnerability is remotely exploitable without requiring authentication or user interaction, making it highly accessible to attackers scanning for vulnerable devices. The CVSS 4.0 base score of 8.7 reflects the high impact on confidentiality, integrity, and availability, as successful exploitation could allow attackers to take full control of the router, intercept or manipulate network traffic, and disrupt network services. The vendor, Belkin, was contacted early about the issue but has not released any patches or advisories, increasing the urgency for affected users to implement mitigations. Although no known exploits are currently observed in the wild, the public disclosure of the exploit code elevates the risk of imminent attacks. The vulnerability affects only firmware version 1.00.10, so devices running other versions may not be vulnerable. The lack of vendor response and patch availability necessitates proactive defensive measures by users and organizations relying on this hardware.

For European organizations, this vulnerability poses significant risks, especially for those using Belkin F9K1015 routers in their network infrastructure. Successful exploitation could lead to full compromise of the router, enabling attackers to intercept sensitive communications, redirect traffic, deploy malware, or launch further attacks within the internal network. This could result in data breaches, operational disruptions, and loss of trust. Critical infrastructure sectors, SMEs, and enterprises relying on these routers for secure connectivity are particularly vulnerable. The remote and unauthenticated nature of the exploit increases the attack surface, as attackers can scan and target exposed devices over the internet or within local networks. The absence of vendor patches means that the vulnerability may persist for an extended period, increasing the window of opportunity for attackers. Additionally, compromised routers could be leveraged as part of botnets or for launching distributed denial-of-service (DDoS) attacks, affecting broader network stability in Europe.

1. Immediately identify and inventory all Belkin F9K1015 devices running firmware version 1.00.10 within the network. 2. Disable WPS functionality on affected devices if the option is available, as the vulnerability is linked to the WPS endpoint. 3. Implement network segmentation to isolate vulnerable routers from critical systems and sensitive data. 4. Restrict remote access to router management interfaces, ideally allowing only trusted IP addresses or disabling remote management entirely. 5. Monitor network traffic for unusual or suspicious requests targeting /goform/formWpsStart or abnormal pinCode parameter values. 6. Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics to detect exploitation attempts. 7. Consider replacing vulnerable devices with updated hardware from vendors with active security support. 8. Maintain strict firewall rules to limit exposure of routers to the internet. 9. Stay informed on any vendor updates or community patches and apply them promptly once available. 10. Educate network administrators about the vulnerability and ensure incident response plans include this threat.