Which versions of F9K1015 are affected by CVE-2026-5611?

Belkin F9K1015 wireless router firmware 1.00.10 contains a critical stack-based buffer overflow vulnerability (CVE-2026-5611, CVSS 8.8) that allows authenticated attackers to execute arbitrary code,…

Is there a public PoC exploit available for CVE-2026-5611?

Yes, a public proof-of-concept exploit is available for CVE-2026-5611. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-5611?

Within 24 hours: Audit all Belkin F9K1015 devices in production and create an inventory by firmware version; immediately isolate or restrict network access to affected routers (v1.00.10) to administrative personnel only. Within 7 days: Contact Belkin support to determine if patched firmware versions exist for this model; if unavailable, evaluate replacing the F9K1015 with alternative router hardware from vendors with active security support, or implement network segmentation to minimize exposure. Within 30 days: Complete replacement or firmware upgrade (if released) for all F9K1015 devices; establish a hardware refresh cycle requiring end-of-support notification from vendors before deployment.

F9K1015 CVE-2026-5611

Q: What is the CVSS score of CVE-2026-5611?

CVE-2026-5611 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-19152 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-04-06 VulDB

GHSA-7rxh-cwgm-8354

Stack Overflow Buffer Overflow F9K1015

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 07, 2026 - 13:20 vuln.today

Public exploit code

EUVD ID Assigned

Apr 06, 2026 - 02:45 euvd

EUVD-2026-19152

Analysis Generated

Apr 06, 2026 - 02:45 vuln.today

CVE Published

Apr 06, 2026 - 02:00 nvd

HIGH 7.4

DescriptionCVE.org

A vulnerability was found in Belkin F9K1015 1.00.10. This affects the function formCrossBandSwitch of the file /goform/formCrossBandSwitch. Performing a manipulation of the argument webpage results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack-based buffer overflow in Belkin F9K1015 wireless router firmware version 1.00.10 allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the formCrossBandSwitch function accessible via /goform/formCrossBandSwitch endpoint, where unsanitized input to the 'webpage' parameter triggers memory corruption. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to Belkin F9K1015 device

Delivery

Send crafted POST request to /goform/formCrossBandSwitch

Exploit

Manipulate webpage parameter with oversized payload

Execution

Trigger stack-based buffer overflow

Impact

Execute arbitrary code with router privileges