Belkin F9K1009 and F9K1010 Routers: Brief Summary of CVE-2025-8730 Hard-Coded Credentials Vulnerability

This post provides a brief summary of CVE-2025-8730, a critical hard-coded credentials vulnerability affecting Belkin F9K1009 and F9K1010 routers running firmware versions 2.00.04 and 2.00.09. The summary covers technical details, affected versions, vendor security history, and references for further reading.

ZeroPath CVE Analysis

2025-08-08

Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.


Introduction

Remote attackers can gain full administrative access to Belkin F9K1009 and F9K1010 routers simply by using hard-coded credentials embedded in the device firmware. This issue impacts home and small business users relying on these models for network security, leaving them exposed to device takeover if the web interface is accessible from outside the trusted network.

Belkin is a widely recognized manufacturer of consumer networking equipment, with millions of devices deployed globally. The F9K1009 and F9K1010 models are common in residential and small office environments, making this vulnerability highly relevant for a broad user base.

Technical Information

CVE-2025-8730 arises from hard-coded authentication credentials present in the web interface component of Belkin F9K1009 (firmware 2.00.09) and F9K1010 (firmware 2.00.04) routers. The credentials are stored directly in the firmware and are not modifiable or removable by end users. Attackers who know these credentials can authenticate to the web interface and obtain administrative access, regardless of any user-configured passwords.

This vulnerability is classified under:

  • CWE-259: Use of Hard-coded Password
  • CWE-798: Use of Hard-coded Credentials

The attack is possible if the router's web interface is exposed to the attacker's network location. This can occur if remote management is enabled, if port forwarding or UPnP is misconfigured, or if the attacker is on the local network. Once authenticated, an attacker can change settings, intercept traffic, or install persistent malware on the device.

Proof-of-concept documentation and the specific hard-coded credentials are publicly available, making exploitation trivial for anyone with access to the web interface.

Affected Systems and Versions

  • Belkin F9K1009 router running firmware version 2.00.09
  • Belkin F9K1010 router running firmware version 2.00.04

Only these specific firmware versions are confirmed vulnerable. Devices running other firmware versions are not covered by the public disclosure.
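
As an added example (not ZeroPath's or Belkin's code), the following Python triages an asset inventory against the two confirmed model and firmware pairs and ranks each device by whether its web interface is reachable from the WAN side. The inventory field names (`remote_management`, `web_ui_port_forward`, `upnp_maps_web_ui`) and the sample records, including the non-affected firmware string, are assumptions constructed for illustration.

```python
# Added example: triage a router inventory against CVE-2025-8730.
# Inventory field names and sample records are constructed for illustration.
AFFECTED = {("F9K1009", "2.00.09"), ("F9K1010", "2.00.04")}  # from the disclosure
MODELS = {model for model, _ in AFFECTED}


def reachability(dev):
    """Return who can reach the web interface: 'wan' or 'lan'."""
    wan_paths = (
        dev.get("remote_management", False),    # remote management enabled
        dev.get("web_ui_port_forward", False),  # port forward to the web UI
        dev.get("upnp_maps_web_ui", False),     # UPnP mapping to the web UI
    )
    return "wan" if any(wan_paths) else "lan"


def triage(dev):
    """Classify one inventory record as (status, priority)."""
    model = dev["model"].strip().upper()
    firmware = dev["firmware"].strip()
    if model not in MODELS:
        return ("not-listed", "none")
    if (model, firmware) not in AFFECTED:
        # Same model, different firmware: outside the public disclosure,
        # so neither confirmed vulnerable nor confirmed safe.
        return ("unconfirmed", "review")
    # Confirmed build: user-set passwords do not help, only exposure matters.
    return ("confirmed", "urgent" if reachability(dev) == "wan" else "high")


INVENTORY = [  # constructed sample records
    {"host": "branch-gw-1", "model": "F9K1009", "firmware": "2.00.09",
     "remote_management": True},
    {"host": "home-office-2", "model": "f9k1010", "firmware": "2.00.04"},
    {"host": "lab-ap-3", "model": "F9K1010", "firmware": "2.00.01",
     "upnp_maps_web_ui": True},
    {"host": "core-sw-4", "model": "OTHER-1000", "firmware": "1.0"},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        status, priority = triage(dev)
        print(f"{dev['host']:<14} {status:<12} {priority}")
```

Devices classified `confirmed` stay at least `high` even with no WAN path, because the page notes that an attacker on the local network can also reach the web interface.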

Vendor Security History

Belkin has a recurring history of critical vulnerabilities in its router products. Notable examples include:

  • N600 DB Wireless Dual-Band router (F9K1102 v2): Multiple critical flaws including DNS spoofing and credential theft (source)
  • N150 Wireless Router (F9K1009 v1): HTML/script injection, authentication bypass, and CSRF (source)

Belkin's response to vulnerability disclosures has been inconsistent, with some reports of slow or absent communication and patching. No patch or official advisory has been released for CVE-2025-8730 as of this writing.
