CVE-2009-20009
Belkin Bulldog Plus Web Service Buffer Overflow
Vexday Risk Score
63High priority
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.3EPSS 1.5%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Lifecycle
08 Mar 2009Metasploit module available
30 Aug 2025Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Belkin Bulldog Plus version 4.0.2 build 1219 contains a stack-based buffer overflow vulnerability in its web service authentication handler. When a specially crafted HTTP request is sent with an oversized Authorization header, the application fails to properly validate the input length before copying it into a fixed-size buffer, resulting in memory corruption and potential remote code execution. Exploitation requires network access and does not require prior authentication.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Belkin International, Inc. · Bulldog Plus UPS Monitoring Softwarepublic PoCs found — 2
cve_referenceraw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/belkin_bulldog.rbunverifiedcve_referencewww.exploit-db.com/exploits/8173unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/belkin_bulldog.rbhttps://s3.belkin.com/support/dl/bulldogwindows.pdfhttps://www.exploit-db.com/exploits/8173https://www.fortiguard.com/encyclopedia/ips/17325/belkin-bulldog-plus-web-services-buffer-overflowhttps://www.vulncheck.com/advisories/belkin-bulldog-plus-web-service-buffer-overflow