Publish Advisories

GHSA-6hc7-f8jh-g3gw
GHSA-6mj7-xxv7-c777
GHSA-f32f-gp3p-9gcc
GHSA-h9h5-32xg-8pxg
GHSA-hx8x-rgrq-mj3w
GHSA-vgwp-xmwr-8vx7

Author: advisory-database[bot]

advisories/unreviewed/2025/10/GHSA-6hc7-f8jh-g3gw/GHSA-6hc7-f8jh-g3gw.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6hc7-f8jh-g3gw",
+  "modified": "2025-10-05T18:30:17Z",
+  "published": "2025-10-05T18:30:17Z",
+  "aliases": [
+    "CVE-2025-11298"
+  ],
+  "details": "A vulnerability was determined in Belkin F9K1015 1.00.10. Impacted is an unknown function of the file /goform/formSetWanStatic. Executing manipulation of the argument m_wan_ipaddr can lead to command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11298"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formSetWanStatic.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formSetWanStatic.md#poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.327179"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.327179"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.661302"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-05T18:15:32Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-6mj7-xxv7-c777/GHSA-6mj7-xxv7-c777.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6mj7-xxv7-c777",
+  "modified": "2025-10-05T18:30:17Z",
+  "published": "2025-10-05T18:30:17Z",
+  "aliases": [
+    "CVE-2025-11297"
+  ],
+  "details": "A vulnerability was found in Belkin F9K1015 1.00.10. This issue affects some unknown processing of the file /goform/formSetLanguage. Performing manipulation of the argument webpage results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11297"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formSetLanguage.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formSetLanguage.md#poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.327178"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.327178"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.661301"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-05T18:15:32Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-f32f-gp3p-9gcc/GHSA-f32f-gp3p-9gcc.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-f32f-gp3p-9gcc",
+  "modified": "2025-10-05T18:30:17Z",
+  "published": "2025-10-05T18:30:17Z",
+  "aliases": [
+    "CVE-2025-11295"
+  ],
+  "details": "A flaw has been found in Belkin F9K1015 1.00.10. This affects an unknown part of the file /goform/formPPPoESetup. This manipulation of the argument pppUserName causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11295"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formPPPoESetup.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formPPPoESetup.md#poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.327176"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.327176"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.661299"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-05T17:15:32Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-h9h5-32xg-8pxg/GHSA-h9h5-32xg-8pxg.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-h9h5-32xg-8pxg",
+  "modified": "2025-10-05T18:30:17Z",
+  "published": "2025-10-05T18:30:17Z",
+  "aliases": [
+    "CVE-2025-11293"
+  ],
+  "details": "A security vulnerability has been detected in Belkin F9K1015 1.00.10. Affected by this vulnerability is an unknown functionality of the file /goform/formConnectionSetting. The manipulation of the argument max_Conn leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11293"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formConnectionSetting.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formConnectionSetting.md#poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.327174"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.327174"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.661296"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-05T16:15:45Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-hx8x-rgrq-mj3w/GHSA-hx8x-rgrq-mj3w.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-hx8x-rgrq-mj3w",
+  "modified": "2025-10-05T18:30:17Z",
+  "published": "2025-10-05T18:30:17Z",
+  "aliases": [
+    "CVE-2025-11296"
+  ],
+  "details": "A vulnerability has been found in Belkin F9K1015 1.00.10. This vulnerability affects unknown code of the file /goform/formPPTPSetup. Such manipulation of the argument pptpUserName leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11296"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formPPTPSetup.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formPPTPSetup.md#poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.327177"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.327177"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.661300"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-05T17:15:33Z"
+  }
+}

advisories/unreviewed/2025/10/GHSA-vgwp-xmwr-8vx7/GHSA-vgwp-xmwr-8vx7.json

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vgwp-xmwr-8vx7",
+  "modified": "2025-10-05T18:30:17Z",
+  "published": "2025-10-05T18:30:17Z",
+  "aliases": [
+    "CVE-2025-11294"
+  ],
+  "details": "A vulnerability was detected in Belkin F9K1015 1.00.10. Affected by this issue is some unknown functionality of the file /goform/formL2TPSetup. The manipulation of the argument L2TPUserName results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11294"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formL2TPSetup.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/panda666-888/vuls/blob/main/belkin/f9k1015/formL2TPSetup.md#poc"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.327175"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.327175"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.661298"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-119"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-10-05T16:15:46Z"
+  }
+}