Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Stack-based buffer overflow in Belkin F9K1122 router firmware 1.00.33 enables authenticated remote attackers to achieve full device compromise via crafted 'webpage' parameter in formWlanSetup function. Publicly available exploit code exists, and EPSS data suggests low-probability targeting despite critical CVSS 8.8 severity. Vendor non-responsive to disclosure; no patch released.
Technical ContextAI
This vulnerability affects the formWlanSetup function in Belkin F9K1122 wireless router firmware version 1.00.33, accessible via the /goform/formWlanSetup endpoint. The flaw is a classic stack-based buffer overflow (CWE-121) triggered by insufficient input validation on the 'webpage' parameter. When an attacker supplies a maliciously oversized string to this parameter, it overwrites adjacent memory on the stack, potentially allowing control of instruction pointers and execution flow. Stack-based overflows in embedded device web interfaces are particularly dangerous because firmware often lacks modern exploit mitigations (ASLR, stack canaries, DEP) common in desktop operating systems. The affected CPE (cpe:2.3:a:belkin:f9k1122:*:*:*:*:*:*:*:*) indicates this is an application-layer vulnerability in the router's HTTP daemon or CGI handler, likely written in C/C++ where manual memory management makes buffer overflows a persistent risk.
RemediationAI
No vendor-released patch identified at time of analysis. Belkin did not respond to vulnerability disclosure, leaving affected users without an official firmware update. Immediate mitigation steps include disabling remote administration features to eliminate network attack vector, restricting administrative interface access to trusted internal IP ranges via firewall rules, enforcing strong non-default administrative credentials to raise the authentication barrier, and prioritizing replacement with actively supported hardware given the vendor's non-responsive posture. Organizations should audit network perimeters for exposed F9K1122 devices and implement network segmentation to isolate these routers from critical assets. Monitor the VulDB reference at https://vuldb.com/vuln/355399 for potential community patches or additional mitigation guidance, though official vendor remediation appears unlikely given abandonment indicators.
Stack-based buffer overflow in Belkin F9K1122 firmware version 1.00.33 allows authenticated remote attackers to achieve
Remote code execution via stack-based buffer overflow in Belkin F9K1122 router firmware allows authenticated attackers t
Stack-based buffer overflow in Belkin F9K1122 router version 1.00.33 allows authenticated remote attackers to achieve fu
Stack-based buffer overflow in Belkin F9K1122 router (firmware 1.00.33) enables authenticated remote attackers to achiev
Stack-based buffer overflow in Belkin F9K1122 router firmware 1.00.33 allows authenticated remote attackers to achieve a
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19146
GHSA-jrwh-p54q-29xf