CVE-2026-5608

HighPublic PoC

Published: 06 April 2026

Published

06 April 2026

Modified

30 April 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0011 28.6th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was detected in Belkin F9K1122 1.00.33. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public…

and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents stack-based buffer overflow by validating and sanitizing the 'webpage' argument in the formWlanSetup function.

SI-16 Memory Protection good match

preventdetect

Implements memory protections such as stack canaries and ASLR to block or detect exploitation of the stack-based buffer overflow.

SI-2 Flaw Remediation good match

prevent

Requires timely patching or firmware updates to remediate the specific buffer overflow vulnerability in Belkin F9K1122 firmware 1.00.33.

Security SummaryAI

CVE-2026-5608 is a stack-based buffer overflow vulnerability affecting the Belkin F9K1122 router on firmware version 1.00.33. The flaw exists in the formWlanSetup function of the /goform/formWlanSetup file, triggered by manipulation of the "webpage" argument. It is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

The vulnerability enables remote exploitation by an attacker possessing low privileges, such as an authenticated user on the device. Successful exploitation can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution and full device compromise. A public exploit is available for use.

Advisories and details are documented in references including VulDB entries and a GitHub repository. The vendor was contacted early regarding disclosure but has not responded or provided patches or mitigations.

Details

CWE(s): CWE-119 CWE-121

Affected Products

belkin

f9k1122 firmware

1.00.33

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Stack-based buffer overflow in router web interface form handler enables remote authenticated RCE and full device compromise, directly mapping to exploitation of public-facing application and exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References

https://github.com/Litengzheng/vul_db/blob/main/Belkin/vul_80/README.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/submit/785315
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/vuln/355399
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/vuln/355399/cti
Permissions Required, VDB Entry · cna@vuldb.com