In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the [form name] form; [list vulnerable parameters], are not properly sanitized after being submitted to the web interface in a POST request. With specially crafted parameters, it is possible to inject a an OS command which will be executed with root privileges, as the web interface, and all processes on the device, run as root.
Conclusion & alert: CVE-2022-30105 is rated High Exploit Risk (79.6/100): CVSS Critical severity, with medium exploitation likelihood (EPSS 2.77%). Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| — | nvd_ref | exploit_tag | Exploit-DB ↗ |
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 6.90% | 2.77% | -4.14% |
| 2 | 2026-05-21 | 4.28% | 6.90% | +2.62% |
| 3 | 2026-04-16 | — | 4.28% | — |
Full EPSS history (27 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 9.8 | 3.1 | CRITICAL |
|
3.9 | 5.9 | [email protected] |
| 10.0 | 2.0 | HIGH |
|
10.0 | 10.0 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| belkin | n300_firmware | 1.00.08 | cpe:2.3:o:belkin:n300_firmware:1.00.08:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://www.exploitee.rs/index.php/Belkin_N300#Remote_Root | Exploit Third Party Advisory |