CVE-2025-8730 – Belkin F9K1009 and F9K1010 Web Interface Hard-Coded Credentials Vulnerability

Vulnerability

A critical vulnerability exists in the Belkin F9K1009 and F9K1010 routers, specifically in the Web Interface of firmware versions 2.00.04 and 2.00.09. This vulnerability involves hard-coded credentials that allow unauthorized users to log in directly to the router's administrative interface. The issue can be exploited remotely, without any authentication requirements. The hard-coded credentials consist of a username and password, both set to '00E0A6-111'.

Impact

Exploitation of this vulnerability allows for unauthorized access to the router's administrative functions, potentially leading to further configuration changes or management of the device.

Reproduction

The vulnerability can be reproduced by accessing the Web Interface of the affected router models and firmware versions. Once the login page is reached, the hard-coded credentials can be used to gain administrative access. This can be done remotely, without any need for user authentication.

Added: Aug 8, 2025, 3:17 PM

Updated: Aug 8, 2025, 3:17 PM

Affected Products

Belkin F9K1009

0 remedies

cpe:2.3:h:belkin:n150_f9k1009:*:*:*:*:*:*:*, +1 more

0 remedies

2.00.09

CVSS Scores

volerion

8.9

CVSS 4.0

8.9

High

volerion

9.8

CVSS 3.1

9.8

Critical

Vendor

8.9

CVSS 4.0

8.9

High

Vendor

9.8

CVSS 3.1

9.8

Critical

Click a row to open the calculator.

References

https://github.com/Nicholas-wei/bug-discovery/blob/main/belkin/F9K1009_WW_2.00.09/belkin%20F9K1009_WW_2.00.09_hardcoded_credential.pdf

Exploit

https://github.com/Nicholas-wei/bug-discovery/blob/main/belkin/F9K1010_WW_2.00.04/belkin_F9K1010_WW_2.00.04_hardcoded_credential.pdf

Exploit

https://vuldb.com/?ctiid.319226

AdvisoryPermission Required

https://vuldb.com/?id.319226

AdvisoryExploitPartial Content

Showing 1-4 of 7 references

Belkin F9K1009 and F9K1010 Web Interface Hard-Coded Credentials Vulnerability