Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. The manipulation of the argument webpage leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the formSetSystemSettings function within the /goform/formSetSystemSettings endpoint, exploitable via the 'webpage' parameter. Publicly available exploit code exists (GitHub POC), CVSS 8.8 indicating network-exploitable with low complexity requiring only low-privilege authentication. Vendor unresponsive to coordinated disclosure attempts.
Technical ContextAI
This is a classic stack-based buffer overflow (CWE-121) in embedded router firmware. The Belkin F9K1015 router's web administration interface includes a Setting Handler component that processes system configuration requests via the /goform/formSetSystemSettings endpoint. The vulnerable formSetSystemSettings function fails to properly validate input length for the 'webpage' parameter before copying it to a fixed-size stack buffer. CPE identifier cpe:2.3:a:belkin:f9k1015:*:*:*:*:*:*:*:* confirms the affected product. Stack-based overflows in embedded devices commonly allow attackers to overwrite return addresses and hijack control flow, leading to arbitrary code execution in the router's operating context. These devices typically run with elevated privileges and lack modern exploit mitigations like ASLR or stack canaries, making exploitation more reliable than in contemporary operating systems.
RemediationAI
No vendor-released patch identified at time of analysis-Belkin did not respond to coordinated disclosure. Given the availability of public exploit code, network attack vector, and vendor abandonment, organizations should immediately discontinue use of Belkin F9K1015 routers and replace with actively supported networking equipment. Interim risk reduction measures include network segmentation to isolate the device from untrusted networks, disabling remote administration interfaces, implementing strong unique administrative credentials (not defaults), and restricting management access to trusted IP addresses via firewall rules if replacement is not immediately feasible. Monitor device logs for unusual configuration changes or access patterns. Consult https://vuldb.com/vuln/355416 for ongoing threat intelligence. Long-term remediation requires hardware replacement as the vendor appears to have ceased support for this legacy product line.
Stack-based buffer overflow in Belkin F9K1015 v1.00.10 allows authenticated remote attackers to achieve code execution v
Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 allows authenticated remote attackers to
Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 enables authenticated remote attackers to
Stack-based buffer overflow in Belkin F9K1015 wireless router firmware version 1.00.10 allows authenticated remote attac
Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 enables authenticated remote attackers to
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19180