Which versions of F9k1122 are affected by CVE-2026-4566?

A critical remote code execution vulnerability affects Belkin F9K1122 routers with publicly available exploit code, allowing authenticated attackers to completely compromise affected devices.

Is there a public PoC exploit available for CVE-2026-4566?

Yes, a public proof-of-concept exploit is available for CVE-2026-4566. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-4566?

Within 24 hours: Identify and inventory all Belkin F9K1122 devices on the network and restrict administrative access to trusted personnel only. Within 7 days: Implement network segmentation to isolate affected routers from critical systems and deploy WAF rules to block malicious formWISP5G requests. Within 30 days: Evaluate replacement with patched router models or alternative vendors, and establish a formal remediation timeline with business stakeholders given the absence of vendor patches.

F9k1122 CVE-2026-4566

Q: What is the CVSS score of CVE-2026-4566?

CVE-2026-4566 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-14347 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-03-23 VulDB

Buffer Overflow Stack Overflow F9k1122

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 29, 2026 - 22:22 vuln.today

cvss_changed

CVSS changed

Apr 29, 2026 - 22:22 NVD

8.8 (HIGH) 7.4 (HIGH)

PoC Detected

Mar 23, 2026 - 14:31 vuln.today

Public exploit code

EUVD ID Assigned

Mar 23, 2026 - 02:30 euvd

EUVD-2026-14347

Analysis Generated

Mar 23, 2026 - 02:30 vuln.today

CVE Published

Mar 23, 2026 - 01:30 nvd

HIGH 8.8

DescriptionCVE.org

A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack-based buffer overflow in Belkin F9K1122 firmware version 1.00.33 allows authenticated remote attackers to achieve complete system compromise through manipulation of the webpage parameter in the formWISP5G function. Public exploit code exists for this vulnerability and the vendor has not provided patches or responded to disclosure attempts. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to Belkin F9K1122 router

Exploit

Send crafted webpage parameter to /goform/formWISP5G

Execution

Trigger stack-based buffer overflow

Impact

Execute arbitrary code with router privileges