Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A security flaw has been discovered in Belkin F9K1015 1.00.10. Impacted is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Stack-based buffer overflow in Belkin F9K1015 v1.00.10 allows authenticated remote attackers to achieve code execution via the formSetPassword function. The vulnerability requires low-privilege credentials but no user interaction, carrying a CVSS score of 8.8 (High). Public exploit code exists on GitHub, significantly lowering the barrier to exploitation, though no active exploitation is confirmed (not in CISA KEV). The vendor did not respond to responsible disclosure attempts.
Technical ContextAI
This vulnerability (CWE-121: Stack-based Buffer Overflow) affects the formSetPassword function in the /goform/formSetPassword endpoint of Belkin F9K1015 wireless router firmware version 1.00.10. Stack-based buffer overflows occur when user-supplied data exceeds the allocated buffer size on the stack, allowing attackers to overwrite return addresses and execute arbitrary code. The specific attack vector involves manipulating the 'webpage' parameter during password configuration operations. The CPE identifier (cpe:2.3:a:belkin:f9k1015:*:*:*:*:*:*:*:*) confirms this affects the Belkin F9K1015 product line. Stack overflows in embedded device web interfaces are particularly critical because these systems often lack modern exploit mitigations like ASLR or stack canaries, and the web interface typically runs with elevated privileges necessary for device configuration.
RemediationAI
No vendor-released patch identified at time of analysis, as Belkin did not respond to vulnerability disclosure attempts per the original report. Primary mitigation: discontinue use of Belkin F9K1015 routers and replace with actively supported hardware from vendors with established security update programs. If immediate replacement is not feasible, implement defense-in-depth controls: disable remote administration entirely, restrict web interface access to trusted local network segments only via firewall rules, change default administrative credentials to strong unique passwords exceeding 20 characters, monitor device logs for unusual authentication attempts or configuration changes, and isolate the router on a separate network segment if possible. Organizations should prioritize hardware replacement given the combination of public exploit availability, vendor abandonment, and the router's role as a network perimeter device. Consult VulDB advisory at https://vuldb.com/vuln/355405 and technical details at https://github.com/Litengzheng/vuldb_new/blob/main/Belkin%20F9K1015/vul_11/README.md for additional context.
Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 allows authenticated remote attackers to
Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 allows authenticated remote attackers to
Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 enables authenticated remote attackers to
Stack-based buffer overflow in Belkin F9K1015 wireless router firmware version 1.00.10 allows authenticated remote attac
Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 enables authenticated remote attackers to
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Stack Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19158
GHSA-9grv-gr5x-p4v6