Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Stack-based buffer overflow in Belkin F9K1122 router version 1.00.33 allows authenticated remote attackers to achieve full system compromise via the formSetSystemSettings endpoint. The vulnerability resides in the Setting Handler component's webpage parameter processing. Public exploit code is available on GitHub, significantly lowering the barrier to exploitation. With CVSS 8.8 (High) severity and low attack complexity, this represents a critical risk to affected devices, though no active exploitation has been confirmed by CISA KEV at time of analysis.
Technical ContextAI
This vulnerability affects the Belkin F9K1122 wireless router firmware version 1.00.33, specifically the Setting Handler component that processes configuration changes through the /goform/formSetSystemSettings endpoint. The root cause is CWE-121 (Stack-based Buffer Overflow), where insufficient bounds checking on the 'webpage' parameter allows an attacker to write beyond allocated stack memory. Stack-based buffer overflows are particularly dangerous in embedded devices like routers because they can enable arbitrary code execution with the privileges of the vulnerable process, typically running at system/root level. The CPE identifier cpe:2.3:a:belkin:f9k1122 confirms this affects the F9K1122 product line. Router web interfaces often lack modern memory protection mechanisms like stack canaries or ASLR, making exploitation more reliable once stack layout is determined.
RemediationAI
No vendor-released patch identified at time of analysis despite researcher notification to Belkin. Given the vendor's non-response and lack of official remediation, organizations should implement compensating controls immediately. Primary mitigation: disable remote administration features and ensure router management interfaces are accessible only from trusted internal networks, never exposed to the internet. Implement strong, unique administrative credentials if default passwords are in use, as the vulnerability requires authentication (PR:L). Consider network segmentation to isolate the router management plane from general user networks. Monitor for unusual authentication attempts or configuration changes. Long-term recommendation: evaluate replacement with actively supported router hardware from vendors with established security response programs, as the F9K1122 appears to be an end-of-life product. For vulnerability tracking and technical details, reference VulDB entry https://vuldb.com/vuln/353967 and the proof-of-concept at https://github.com/Litengzheng/vul_db/blob/main/Belkin/vul_155/README.md.
Stack-based buffer overflow in Belkin F9K1122 firmware version 1.00.33 allows authenticated remote attackers to achieve
Remote code execution via stack-based buffer overflow in Belkin F9K1122 router firmware allows authenticated attackers t
Stack-based buffer overflow in Belkin F9K1122 router firmware 1.00.33 enables authenticated remote attackers to achieve
Stack-based buffer overflow in Belkin F9K1122 router (firmware 1.00.33) enables authenticated remote attackers to achiev
Stack-based buffer overflow in Belkin F9K1122 router firmware 1.00.33 allows authenticated remote attackers to achieve a
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16991