QwikSec

Security Database

CVE

CWE

Training

CVE-2009-20009

Published: Aug 30, 2025

Modified: May 15, 2026

PUBLISHED

Description

Belkin Bulldog Plus version 4.0.2 build 1219 contains a stack-based buffer overflow vulnerability in its web service authentication handler. When a specially crafted HTTP request is sent with an oversized Authorization header, the application fails to properly validate the input length before copying it into a fixed-size buffer, resulting in memory corruption and potential remote code execution. Exploitation requires network access and does not require prior authentication.

Vendor	Product	Versions
Belkin International, Inc.	Bulldog Plus UPS Monitoring Software	affected `0 - <= 4.0.2 build 1219`

Weaknesses (CWE)

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/belkin_bulldog.rb

exploit

https://www.exploit-db.com/exploits/8173

exploit

https://www.fortiguard.com/encyclopedia/ips/17325/belkin-bulldog-plus-web-services-buffer-overflow

third-party-advisory

https://s3.belkin.com/support/dl/bulldogwindows.pdf

product

https://www.vulncheck.com/advisories/belkin-bulldog-plus-web-service-buffer-overflow

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.