Cyber Posture

CVE-2026-5042

High · Public PoC

Published: 29 March 2026

Modified: 30 March 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (28.5th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Requires timely remediation of known flaws like the stack-based buffer overflow in CVE-2026-5042 through patching or approved mitigations.

prevent

Implements memory protection mechanisms such as stack canaries, ASLR, and DEP to mitigate stack-based buffer overflows exploited via the 'webpage' argument.

prevent

Enforces validation of information inputs such as the 'webpage' argument, to prevent the improperly bounded memory operations that lead to buffer overflows.

Security Summary · AI

CVE-2026-5042 is a stack-based buffer overflow vulnerability affecting the Belkin F9K1122 router on firmware version 1.00.33. The issue lies in the formCrossBandSwitch function within the /goform/formCrossBandSwitch file of the Parameter Handler component, triggered by manipulation of the "webpage" argument. Associated CWEs include CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write). The vulnerability was published on 2026-03-29 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

An attacker with low privileges can exploit this remotely over the network, with low complexity and no user interaction. Successful exploitation has a high impact on confidentiality, integrity, and availability, potentially allowing arbitrary code execution or system compromise. A public exploit has been released, increasing the risk of real-world attacks.

Advisories from VulDB and a related GitHub repository document the issue but note that the vendor was contacted early without any response. No patches or official mitigations are available based on the disclosure. Practitioners should review the references—such as https://github.com/Litengzheng/vul_db/blob/main/Belkin/vul_153/README.md and https://vuldb.com/vuln/353965—for exploit details and monitor for updates.

Details

CWE(s)

Affected Products

belkin · f9k1122 firmware · 1.00.33

MITRE ATT&CK Enterprise Techniques · AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is a stack-based buffer overflow in the web management interface (formCrossBandSwitch) of a public-facing router, enabling remote exploitation for arbitrary code execution, directly mapping to Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References