Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file /goform/formWISP5G. Such manipulation of the argument webpage leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 enables authenticated remote attackers to achieve full system compromise (code execution, denial of service, credential theft) via crafted requests to the formWISP5G endpoint. CVSS 8.8 severity with low attack complexity and publicly available exploit code. Vendor has not responded to disclosure, leaving users without an official patch. EPSS data not available, but the combination of network accessibility, low complexity, and public POC elevates real-world risk despite requiring low-privilege authentication.
Technical ContextAI
This vulnerability affects the formWISP5G function within the /goform/formWISP5G handler in Belkin F9K1015 router firmware version 1.00.10. The flaw is a classic stack-based buffer overflow (CWE-121), where the application fails to properly validate the length of the 'webpage' parameter before copying it to a fixed-size stack buffer. When an attacker supplies an oversized input, the overflow corrupts adjacent stack memory, potentially overwriting return addresses or function pointers. In embedded router firmware written in C/C++, such vulnerabilities commonly arise from unsafe string handling functions (strcpy, sprintf) and lack of bounds checking on user-controlled input. The /goform/ endpoint pattern is typical of CGI-based router management interfaces, which often run with elevated privileges and have direct access to system configuration and network controls.
RemediationAI
No vendor-released patch identified at time of analysis. Belkin has not responded to vulnerability disclosure or published security advisories addressing CVE-2026-5610 per VulDB reporting. In absence of official remediation, organizations and home users should implement the following risk reduction measures: immediately change default administrative credentials to strong, unique passwords to raise the authentication barrier; restrict management interface access to trusted internal networks only by disabling remote administration features and binding the web interface to LAN-only access; deploy network segmentation to isolate the vulnerable router from critical systems; monitor router logs for unusual administrative access patterns or crashes indicating exploitation attempts; and evaluate replacement with current-generation router hardware that receives active security support. For enterprise environments, consider deploying the router behind a separate firewall/UTM device that can inspect and filter malicious requests. Reference materials available at VulDB vulnerability entry https://vuldb.com/vuln/355401 and exploit proof-of-concept at https://github.com/Litengzheng/vuldb_new/blob/main/Belkin%20F9K1015/vul_3/README.md for technical details.
Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 allows authenticated remote attackers to
Stack-based buffer overflow in Belkin F9K1015 v1.00.10 allows authenticated remote attackers to achieve code execution v
Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 allows authenticated remote attackers to
Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 enables authenticated remote attackers to
Stack-based buffer overflow in Belkin F9K1015 wireless router firmware version 1.00.10 allows authenticated remote attac
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19150
GHSA-8phh-65xx-646j