EUVD-2026-16987
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
Stack-based buffer overflow in Belkin F9K1122 router firmware 1.00.33 allows authenticated remote attackers to achieve arbitrary code execution via the formCrossBandSwitch parameter handler. Exploitation requires low-privilege authentication but no user interaction, with publicly available exploit code confirming proof-of-concept viability. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all Belkin F9K1122 devices in your environment and document firmware versions via administrative access or network scanning tools (e.g., Shodan, Censys). Within 7 days: Isolate affected devices (firmware 1.00.33) to trusted administrative networks only; restrict access via network segmentation or firewall rules to block non-essential inbound connections to the router's management interfaces. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today