F9K1015 Firmware EUVD-2026-19182

CVE-2026-5629 HIGH
Buffer Overflow (CWE-119)
2026-04-06 cna@vuldb.com GHSA-m47x-pvpv-3jg6
7.4
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

  • EUVD ID Assigned: Apr 06, 2026 - 06:22 (euvd), EUVD-2026-19182
  • Analysis Generated: Apr 06, 2026 - 06:22 (vuln.today)
  • CVE Published: Apr 06, 2026 - 06:16 (nvd), HIGH 7.4

Description (CVE.org)

A vulnerability was detected in Belkin F9K1015 1.00.10. The affected element is the function formSetFirewall of the file /goform/formSetFirewall. The manipulation of the argument webpage results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis (AI)

Stack-based buffer overflow in Belkin F9K1015 wireless router firmware 1.00.10 enables authenticated remote attackers to achieve complete device compromise via the formSetFirewall firewall configuration function. The vulnerability has publicly available exploit code and carries an EPSS exploitation probability that warrants attention, though no active exploitation has been confirmed by CISA KEV at time of analysis. …


Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Authenticate to Belkin router management interface
  • Delivery: Send crafted HTTP request to /goform/formSetFirewall
  • Exploit: Inject oversized webpage parameter
  • Execution: Trigger stack buffer overflow
  • Impact: Execute arbitrary code with router privileges

Vulnerability Assessment (AI)

Exploitation: Requires authenticated access to Belkin F9K1015 firmware version 1.00.10. …

Risk Assessment: Real-world risk assessment requires balancing multiple signals that present a nuanced picture. …

Exploit Scenario: An attacker targets a small business using a Belkin F9K1015 router that retains default administrative credentials or has weak passwords discoverable through credential stuffing attacks. After successfully authenticating to the router's web interface (commonly accessible on local networks or if remote management is enabled), the attacker crafts a malicious HTTP request to the /goform/formSetFirewall endpoint with an oversized 'webpage' parameter value exceeding the stack buffer allocation. …

Remediation: No vendor-released patch is available for this vulnerability. …

Recommended Action (AI)

Within 24 hours: Inventory all F9K1015 devices across network segments and document firmware versions; disable remote administration if enabled. …
