Skip to main content

F9k1122 CVE-2026-5042

| EUVDEUVD-2026-16987 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-03-29 VulDB
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
PoC Detected
Mar 30, 2026 - 18:58 vuln.today
Public exploit code
EUVD ID Assigned
Mar 29, 2026 - 10:45 euvd
EUVD-2026-16987
Analysis Generated
Mar 29, 2026 - 10:45 vuln.today
CVE Published
Mar 29, 2026 - 10:30 nvd
HIGH 7.4

DescriptionCVE.org

A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack-based buffer overflow in Belkin F9K1122 router firmware 1.00.33 allows authenticated remote attackers to achieve arbitrary code execution via the formCrossBandSwitch parameter handler. Exploitation requires low-privilege authentication but no user interaction, with publicly available exploit code confirming proof-of-concept viability. EPSS data not available, but the combination of network attack vector, low complexity (AC:L), and public exploit represents elevated risk for internet-exposed devices. Vendor unresponsive to disclosure, indicating no official patch timeline.

Technical ContextAI

This vulnerability affects the Belkin F9K1122 wireless router (CPE: cpe:2.3:a:belkin:f9k1122), specifically firmware version 1.00.33. The flaw resides in the formCrossBandSwitch function within the /goform/formCrossBandSwitch endpoint of the web-based parameter handler. The vulnerability is classified as CWE-121 (Stack-based Buffer Overflow), a memory corruption issue where insufficient bounds checking on the 'webpage' parameter allows an attacker to write beyond allocated stack memory boundaries. In embedded router firmware, such overflows in parameter handlers typically occur when user-supplied input from HTTP POST/GET requests is copied into fixed-size stack buffers using unsafe string operations (strcpy, sprintf) without proper length validation. Successful exploitation can overwrite return addresses or function pointers on the stack, enabling arbitrary code execution with the privileges of the web server process, typically root on consumer routers.

RemediationAI

No vendor-released patch identified at time of analysis. Belkin did not respond to vulnerability disclosure attempts, indicating no official fix or security advisory is forthcoming for this end-of-life product. Recommended mitigation strategies include: discontinue use of affected Belkin F9K1122 devices and replace with currently supported router models from any vendor with active security update commitments; if replacement is not immediately feasible, disable remote administration interfaces entirely and restrict web interface access to trusted internal networks only via firewall rules; change all default credentials to strong, unique passwords to raise the authentication barrier; monitor for unauthorized access attempts in router logs. Additional technical details and proof-of-concept code are available in the researcher's GitHub repository at https://github.com/Litengzheng/vul_db/blob/main/Belkin/vul_153/README.md and VulDB entry https://vuldb.com/vuln/353965. Given the vendor's non-responsiveness and the legacy status of this hardware, hardware replacement represents the only definitive long-term remediation.

Share

CVE-2026-5042 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy