CVE-2025-7091 is a critical stack-based buffer overflow vulnerability identified in the Belkin F9K1122 router, specifically affecting firmware version 1.00.33. The vulnerability resides in the formWlanMP function within the /goform/formWlanMP component of the device's web interface. This function processes multiple parameters related to wireless configuration such as ateFunc, ateGain, ateTxCount, ateChan, ateRate, ateMacID, and various e2pTxPower and ateTxFreqOffset parameters. Improper handling and validation of these inputs allow an attacker to overflow a stack buffer, potentially overwriting adjacent memory and enabling arbitrary code execution. The vulnerability can be exploited remotely without authentication or user interaction, as it is triggered via crafted HTTP requests to the vulnerable web endpoint. The CVSS 4.0 base score is 8.7, indicating a high severity level, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:L), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (VC:H/VI:H/VA:H). Although no public exploits have been observed in the wild yet, the exploit code has been disclosed publicly, increasing the risk of exploitation. The vendor was notified early but has not responded or released patches, leaving devices exposed. This vulnerability poses a significant risk to the security posture of affected devices, enabling remote attackers to gain control over the router, manipulate network traffic, or disrupt network availability.

For European organizations, this vulnerability presents a substantial risk, especially for those relying on Belkin F9K1122 routers in their network infrastructure. Successful exploitation could lead to full compromise of the router, allowing attackers to intercept or redirect sensitive communications, launch man-in-the-middle attacks, or pivot into internal networks. This jeopardizes confidentiality of corporate data, integrity of network operations, and availability of critical services. Small and medium enterprises, as well as home office setups using this device, may be particularly vulnerable due to limited IT security resources and delayed patching. The lack of vendor response and patches exacerbates the threat, potentially leading to increased exploitation attempts. Additionally, compromised routers could be leveraged as part of botnets or for launching further attacks against European targets, amplifying the impact beyond individual organizations.

Given the absence of official patches, European organizations should implement immediate compensating controls. These include isolating affected Belkin F9K1122 devices from critical network segments and restricting access to their web management interfaces via firewall rules or network segmentation. Disabling remote management features and changing default credentials can reduce exposure. Monitoring network traffic for unusual patterns or unexpected HTTP requests targeting /goform/formWlanMP can help detect exploitation attempts. Organizations should consider replacing vulnerable devices with alternative routers from vendors with active security support. Additionally, deploying intrusion detection/prevention systems (IDS/IPS) configured to identify exploitation signatures related to this vulnerability can provide proactive defense. Regular security awareness training to inform users about risks associated with unmanaged or outdated network devices is also recommended. Finally, organizations should maintain close monitoring of vendor communications for any forthcoming patches or advisories.