Which versions of F9k1122 are affected by CVE-2026-4167?

Belkin F9K1122 routers contain a remotely exploitable buffer overflow vulnerability with a public exploit and no vendor patch available.

Is there a public PoC exploit available for CVE-2026-4167?

Yes, a public proof-of-concept exploit is available for CVE-2026-4167. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-4167?

Within 24 hours: Inventory all Belkin F9K1122 devices across the organization and isolate affected units from production networks if possible. Within 7 days: Implement network segmentation to restrict administrative access to these devices and deploy WAF rules blocking malicious webpage parameter inputs to /goform/formReboot. Within 30 days: Replace affected Belkin F9K1122 routers with alternative vendor equipment that receives active security support, or decommission units if business continuity allows.

F9k1122 CVE-2026-4167

Q: What is the CVSS score of CVE-2026-4167?

CVE-2026-4167 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-12210 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-03-15 VulDB

Buffer Overflow Stack Overflow F9k1122

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 22, 2026 - 21:37 vuln.today

cvss_changed

CVSS changed

Apr 22, 2026 - 21:37 NVD

8.8 (HIGH) 7.4 (HIGH)

PoC Detected

Mar 16, 2026 - 14:53 vuln.today

Public exploit code

EUVD ID Assigned

Mar 15, 2026 - 06:00 euvd

EUVD-2026-12210

Analysis Generated

Mar 15, 2026 - 06:00 vuln.today

CVE Published

Mar 15, 2026 - 05:32 nvd

HIGH 8.8

DescriptionCVE.org

A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Remote code execution via stack-based buffer overflow in Belkin F9K1122 router firmware allows authenticated attackers to achieve complete system compromise through the /goform/formReboot endpoint. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to Belkin F9K1122

Delivery

Send crafted HTTP request to /goform/formReboot

Exploit

Manipulate webpage parameter with oversized payload

Execution

Overflow stack buffer

Impact

Execute arbitrary code with device privileges