Introduction
Remote attackers can gain full administrative access to Belkin F9K1009 and F9K1010 routers simply by using hard-coded credentials embedded in the device firmware. This issue impacts home and small business users relying on these models for network security, leaving them exposed to device takeover if the web interface is accessible from outside the trusted network.
Belkin is a widely recognized manufacturer of consumer networking equipment, with millions of devices deployed globally. The F9K1009 and F9K1010 models are common in residential and small office environments, making this vulnerability highly relevant for a broad user base.
Technical Information
CVE-2025-8730 arises from hard-coded authentication credentials present in the web interface component of Belkin F9K1009 (firmware 2.00.09) and F9K1010 (firmware 2.00.04) routers. The credentials are stored directly in the firmware and are not modifiable or removable by end users. Attackers who know these credentials can authenticate to the web interface and obtain administrative access, regardless of any user-configured passwords.
This vulnerability is classified under:
- CWE-259: Use of Hard-coded Password
- CWE-798: Use of Hard-coded Credentials
The attack is possible if the router's web interface is exposed to the attacker's network location. This can occur if remote management is enabled, if port forwarding or UPnP is misconfigured, or if the attacker is on the local network. Once authenticated, an attacker can change settings, intercept traffic, or install persistent malware on the device.
Proof-of-concept documentation and the specific hard-coded credentials are publicly available, making exploitation trivial for anyone with access to the web interface.
Affected Systems and Versions
- Belkin F9K1009 router running firmware version 2.00.09
- Belkin F9K1010 router running firmware version 2.00.04
Only these specific firmware versions are confirmed vulnerable. Devices running other firmware versions are not covered by the public disclosure.
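The exposure conditions under Technical Information and the version list above can be combined into a triage pass over a device inventory. The following is an added example, not code from the disclosure or from Belkin; the Router record, the status labels, the management ports 80/443 and the sample inventory are assumptions made for illustration.

```python
from dataclasses import dataclass

# Model/firmware pairs confirmed vulnerable in the public disclosure.
AFFECTED = {("F9K1009", "2.00.09"), ("F9K1010", "2.00.04")}
MGMT_PORTS = {80, 443}  # assumption: ports the web interface listens on

@dataclass
class Router:  # hypothetical inventory record
    name: str
    model: str
    firmware: str
    lan_ip: str
    remote_mgmt: bool = False
    forwards: tuple = ()  # (ext_port, internal_ip, internal_port), static or UPnP

def normalize(model, firmware):
    """Canonicalize spellings such as ' f9k1009' or 'v2.00.09'."""
    return model.strip().upper(), firmware.strip().lstrip("vV")

def triage(r):
    if normalize(r.model, r.firmware) not in AFFECTED:
        # Other versions are outside the disclosure, which is not the same as safe.
        return "not-in-disclosure"
    to_mgmt = [f for f in r.forwards if f[1] == r.lan_ip and f[2] in MGMT_PORTS]
    if r.remote_mgmt or to_mgmt:
        return "affected-wan-exposed"
    # Hard-coded credentials still work for anyone on the local network.
    return "affected-lan-only"

ORDER = ["affected-wan-exposed", "affected-lan-only", "not-in-disclosure"]

def report(inventory):
    """Return (name, status) pairs, most urgent first."""
    rows = [(r.name, triage(r)) for r in inventory]
    return sorted(rows, key=lambda row: ORDER.index(row[1]))

# Constructed sample inventory (not real devices).
INVENTORY = [
    Router("front-desk", "F9K1010", "2.00.04", "192.168.2.1"),
    Router("branch-a", "f9k1009", "v2.00.09", "192.168.2.1", remote_mgmt=True),
    Router("lab", "F9K1009", "2.00.08", "192.168.2.1"),
    Router("home-office", "F9K1010", "2.00.04", "192.168.2.1",
           forwards=((8080, "192.168.2.1", 80), (3389, "192.168.2.50", 3389))),
]

if __name__ == "__main__":
    for name, status in report(INVENTORY):
        print(f"{status:22} {name}")
```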
Vendor Security History
Belkin has a recurring history of critical vulnerabilities in its router products. Notable examples include:
- N600 DB Wireless Dual-Band router (F9K1102 v2): Multiple critical flaws including DNS spoofing and credential theft
- N150 Wireless Router (F9K1009 v1): HTML/script injection, authentication bypass, and CSRF
Belkin's response to vulnerability disclosures has been inconsistent, with some reports of slow or absent communication and patching. No patch or official advisory has been released for CVE-2025-8730 as of this writing.