Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Stack-based buffer overflow in Belkin F9K1122 router firmware 1.00.33 allows authenticated remote attackers to achieve arbitrary code execution via the formCrossBandSwitch parameter handler. Exploitation requires low-privilege authentication but no user interaction, with publicly available exploit code confirming proof-of-concept viability. EPSS data not available, but the combination of network attack vector, low complexity (AC:L), and public exploit represents elevated risk for internet-exposed devices. Vendor unresponsive to disclosure, indicating no official patch timeline.
Technical ContextAI
This vulnerability affects the Belkin F9K1122 wireless router (CPE: cpe:2.3:a:belkin:f9k1122), specifically firmware version 1.00.33. The flaw resides in the formCrossBandSwitch function within the /goform/formCrossBandSwitch endpoint of the web-based parameter handler. The vulnerability is classified as CWE-121 (Stack-based Buffer Overflow), a memory corruption issue where insufficient bounds checking on the 'webpage' parameter allows an attacker to write beyond allocated stack memory boundaries. In embedded router firmware, such overflows in parameter handlers typically occur when user-supplied input from HTTP POST/GET requests is copied into fixed-size stack buffers using unsafe string operations (strcpy, sprintf) without proper length validation. Successful exploitation can overwrite return addresses or function pointers on the stack, enabling arbitrary code execution with the privileges of the web server process, typically root on consumer routers.
RemediationAI
No vendor-released patch identified at time of analysis. Belkin did not respond to vulnerability disclosure attempts, indicating no official fix or security advisory is forthcoming for this end-of-life product. Recommended mitigation strategies include: discontinue use of affected Belkin F9K1122 devices and replace with currently supported router models from any vendor with active security update commitments; if replacement is not immediately feasible, disable remote administration interfaces entirely and restrict web interface access to trusted internal networks only via firewall rules; change all default credentials to strong, unique passwords to raise the authentication barrier; monitor for unauthorized access attempts in router logs. Additional technical details and proof-of-concept code are available in the researcher's GitHub repository at https://github.com/Litengzheng/vul_db/blob/main/Belkin/vul_153/README.md and VulDB entry https://vuldb.com/vuln/353965. Given the vendor's non-responsiveness and the legacy status of this hardware, hardware replacement represents the only definitive long-term remediation.
Stack-based buffer overflow in Belkin F9K1122 firmware version 1.00.33 allows authenticated remote attackers to achieve
Remote code execution via stack-based buffer overflow in Belkin F9K1122 router firmware allows authenticated attackers t
Stack-based buffer overflow in Belkin F9K1122 router firmware 1.00.33 enables authenticated remote attackers to achieve
Stack-based buffer overflow in Belkin F9K1122 router version 1.00.33 allows authenticated remote attackers to achieve fu
Stack-based buffer overflow in Belkin F9K1122 router (firmware 1.00.33) enables authenticated remote attackers to achiev
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16987