Skip to main content

F9K1015 CVE-2026-5610

| EUVDEUVD-2026-19150 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-04-06 VulDB GHSA-8phh-65xx-646j
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
PoC Detected
Apr 07, 2026 - 13:20 vuln.today
Public exploit code
EUVD ID Assigned
Apr 06, 2026 - 01:45 euvd
EUVD-2026-19150
Analysis Generated
Apr 06, 2026 - 01:45 vuln.today
CVE Published
Apr 06, 2026 - 01:30 nvd
HIGH 7.4

DescriptionCVE.org

A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file /goform/formWISP5G. Such manipulation of the argument webpage leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 enables authenticated remote attackers to achieve full system compromise (code execution, denial of service, credential theft) via crafted requests to the formWISP5G endpoint. CVSS 8.8 severity with low attack complexity and publicly available exploit code. Vendor has not responded to disclosure, leaving users without an official patch. EPSS data not available, but the combination of network accessibility, low complexity, and public POC elevates real-world risk despite requiring low-privilege authentication.

Technical ContextAI

This vulnerability affects the formWISP5G function within the /goform/formWISP5G handler in Belkin F9K1015 router firmware version 1.00.10. The flaw is a classic stack-based buffer overflow (CWE-121), where the application fails to properly validate the length of the 'webpage' parameter before copying it to a fixed-size stack buffer. When an attacker supplies an oversized input, the overflow corrupts adjacent stack memory, potentially overwriting return addresses or function pointers. In embedded router firmware written in C/C++, such vulnerabilities commonly arise from unsafe string handling functions (strcpy, sprintf) and lack of bounds checking on user-controlled input. The /goform/ endpoint pattern is typical of CGI-based router management interfaces, which often run with elevated privileges and have direct access to system configuration and network controls.

RemediationAI

No vendor-released patch identified at time of analysis. Belkin has not responded to vulnerability disclosure or published security advisories addressing CVE-2026-5610 per VulDB reporting. In absence of official remediation, organizations and home users should implement the following risk reduction measures: immediately change default administrative credentials to strong, unique passwords to raise the authentication barrier; restrict management interface access to trusted internal networks only by disabling remote administration features and binding the web interface to LAN-only access; deploy network segmentation to isolate the vulnerable router from critical systems; monitor router logs for unusual administrative access patterns or crashes indicating exploitation attempts; and evaluate replacement with current-generation router hardware that receives active security support. For enterprise environments, consider deploying the router behind a separate firewall/UTM device that can inspect and filter malicious requests. Reference materials available at VulDB vulnerability entry https://vuldb.com/vuln/355401 and exploit proof-of-concept at https://github.com/Litengzheng/vuldb_new/blob/main/Belkin%20F9K1015/vul_3/README.md for technical details.

Share

CVE-2026-5610 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy