Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2025-8730 PoC — Belkin F9K1009/F9K1010 Web Interface hard-coded credentials

Source
https://github.com/byteReaper77/CVE-2025-8730
Associated Vulnerability
Title:Belkin F9K1009/F9K1010 Web Interface hard-coded credentials (CVE-2025-8730)
Description:A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Description
Exploit demonstrating an authentication bypass vulnerability  in the web interface of Belkin F9K1009 and F9K1010 routers.
Readme
## CVE-2025-8730 – Authentication Bypass in Belkin F9K1009/F9K1010

**Author : Byte Reaper**

## Description :
This repository contains a  exploit for CVE‑2025‑8730, a critical Authentication Bypass vulnerability affecting the web interface of Belkin F9K1009 and F9K1010 routers.

The flaw lies in the session validation logic of the /login.htm file, where improperly handled cookies or crafted requests allow attackers to bypass login checks and gain full access to the administrative interface without valid credentials.

This vulnerability enables remote attackers (with network access) to:

Access sensitive configuration data

Modify router settings

Deploy further payloads for persistence or lateral movement

## References :
NVD Entry: https://nvd.nist.gov/vuln/detail/CVE-2025-8730


## Usage :
```
    gcc exploit.c argparse.c -o CVE-2025-8730  -lcurl
    ./CVE-2025-8730 -i 192.168.1.1 
    Verbose Mode : 
    ./CVE-2025-8730 -i 192.168.1.1 -v -c [cookie file]
    Full URl :
    ./CVE-2025-8730 -f http://<IP>/<LOGIN_FILE>
    Sleep (second):
    ./CVE-2025-8730 -i 192.168.1.1 -s 1 
    Number Request (For loop), example 10 Request POST :
    ./CVE-2025-8730 -i 192.168.1.1 -k 10 -s 1 -v

```

License :

MIT License
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →