CVE-2025-7084 is a critical stack-based buffer overflow vulnerability identified in the Belkin F9K1122 router, specifically in firmware version 1.00.33. The flaw exists in the function formWpsStart within the web component handling the /goform/formWpsStart endpoint. The vulnerability arises from improper handling of the 'pinCode' argument, which can be manipulated by an attacker to overflow the stack buffer. This type of overflow can lead to arbitrary code execution or cause the device to crash, resulting in denial of service. The vulnerability is remotely exploitable without requiring user interaction or prior authentication, making it particularly dangerous. The CVSS v4.0 base score is 8.7, indicating high severity, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:L), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (VC:H/VI:H/VA:H). Although the vendor was notified early, there has been no response or patch released, and a public exploit has been disclosed, increasing the risk of exploitation in the wild. The lack of vendor response and patch availability means affected devices remain vulnerable, and attackers can leverage this flaw to gain control over the router, intercept or manipulate network traffic, or disrupt network services.

For European organizations, this vulnerability poses a significant risk, especially for those relying on Belkin F9K1122 routers in their network infrastructure. Successful exploitation could allow attackers to execute arbitrary code on the device, potentially leading to full compromise of the router. This could enable interception of sensitive data, man-in-the-middle attacks, or lateral movement within the network. The disruption of router availability could also impact business continuity, particularly for small and medium enterprises that may use consumer-grade routers like the F9K1122. Given the router’s role as a network gateway, the compromise could undermine the confidentiality, integrity, and availability of organizational data and communications. The absence of a patch and the public availability of exploits heighten the urgency for mitigation. Additionally, the vulnerability could be leveraged in botnet campaigns or as a foothold for further attacks targeting European entities.

Organizations should immediately identify any deployments of Belkin F9K1122 routers running firmware version 1.00.33. Since no official patch is available, mitigation should focus on network-level controls: isolate affected devices from critical network segments, restrict remote access to the router’s management interface, and implement strict firewall rules to block unauthorized inbound traffic to the router’s web management ports. Disabling WPS functionality, if possible, may reduce attack surface. Network monitoring should be enhanced to detect unusual traffic patterns or signs of exploitation attempts targeting the /goform/formWpsStart endpoint. Where feasible, replace affected devices with alternative routers from vendors with active security support. Additionally, organizations should maintain up-to-date asset inventories and apply network segmentation to limit the impact of compromised devices. Finally, engage with Belkin support channels to seek updates or advisories and monitor vulnerability databases for any forthcoming patches or mitigations.