Which versions of F9k1122 are affected by EUVD-2026-16989?

CVE-2026-5043 is a high-severity stack buffer overflow in Belkin F9K1122 routers (firmware 1.00.33) that allows authenticated attackers to execute arbitrary code and fully compromise affected…

Is there a public PoC exploit available for EUVD-2026-16989?

Yes, a public proof-of-concept exploit is available for EUVD-2026-16989. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2026-16989?

Within 24 hours: Inventory all Belkin F9K1122 routers and document firmware version 1.00.33 instances; isolate affected devices from production networks if operationally feasible. Within 7 days: Contact Belkin support to confirm patch status and end-of-life timeline; evaluate replacement router models for affected deployments. Within 30 days: Complete migration to patched/alternative hardware or implement compensating network controls (see below); document all remaining instances with business justification.

F9k1122 EUVD-2026-16989

Q: What is the CVSS score of EUVD-2026-16989?

EUVD-2026-16989 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-5043 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-03-29 VulDB

Buffer Overflow Stack Overflow F9k1122

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Mar 30, 2026 - 18:57 vuln.today

Public exploit code

EUVD ID Assigned

Mar 29, 2026 - 11:30 euvd

EUVD-2026-16989

Analysis Generated

Mar 29, 2026 - 11:30 vuln.today

CVE Published

Mar 29, 2026 - 11:15 nvd

HIGH 7.4

DescriptionCVE.org

A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the component Parameter Handler. This manipulation of the argument webpage causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack-based buffer overflow in Belkin F9K1122 router (firmware 1.00.33) enables authenticated remote attackers to achieve complete system compromise via the formSetPassword endpoint. The vulnerability affects the Parameter Handler component and permits code execution with high impact to confidentiality, integrity, and availability. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to Belkin F9K1122 device

Exploit

Send crafted request to /goform/formSetPassword

Execution

Overflow webpage parameter into stack buffer

Impact

Execute arbitrary code with device privileges