Which versions of F9K1015 are affected by CVE-2026-5612?

CVE-2026-5612 affects Belkin F9K1015 wireless routers running firmware 1.00.10, allowing authenticated attackers to gain complete device control through a stack-based buffer overflow.

Is there a public PoC exploit available for CVE-2026-5612?

Yes, a public proof-of-concept exploit is available for CVE-2026-5612. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-5612?

Within 24 hours: Identify all Belkin F9K1015 devices on your network using asset inventory or SNMP scanning, document firmware versions, and isolate any running 1.00.10 from untrusted network segments. Within 7 days: Contact Belkin support to confirm patch availability beyond 1.00.10; if unavailable, evaluate firmware downgrade options or replacement with patched alternatives. Within 30 days: Deploy network segmentation controls restricting router administrative access to dedicated management VLANs, enforce strong authentication for router console access, and implement compensating controls listed below if patched firmware is unavailable.

F9K1015 CVE-2026-5612

Q: What is the CVSS score of CVE-2026-5612?

CVE-2026-5612 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-19153 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-04-06 VulDB

GHSA-9pcp-3g8w-6g9h

Buffer Overflow Stack Overflow F9K1015

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 07, 2026 - 13:20 vuln.today

Public exploit code

EUVD ID Assigned

Apr 06, 2026 - 02:45 euvd

EUVD-2026-19153

Analysis Generated

Apr 06, 2026 - 02:45 vuln.today

CVE Published

Apr 06, 2026 - 02:15 nvd

HIGH 7.4

DescriptionCVE.org

A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 enables authenticated remote attackers to achieve complete system compromise via crafted 'webpage' parameter to the formWlEncrypt endpoint. Publicly available exploit code exists (GitHub POC). …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to Belkin F9K1015 device

Delivery

Send crafted request to /goform/formWlEncrypt

Exploit

Inject oversized webpage parameter

Execution

Overflow stack buffer

Impact

Execute arbitrary code with device privileges