CVE-2026-5610

HighPublic PoC

Published: 06 April 2026

Published

06 April 2026

Modified

30 April 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0011 28.5th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file /goform/formWISP5G. Such manipulation of the argument webpage leads to stack-based buffer overflow. It is possible to launch the attack remotely.…

The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

SI-10 requires validating inputs such as the 'webpage' argument to prevent crafted requests from triggering the stack-based buffer overflow.

SI-16 Memory Protection good match

prevent

SI-16 enforces memory protections like stack canaries or DEP to block arbitrary code execution from stack-based buffer overflow exploits.

SI-2 Flaw Remediation good match

prevent

SI-2 mandates timely identification, reporting, and correction of flaws like this buffer overflow via firmware patching.

Security SummaryAI

CVE-2026-5610 is a stack-based buffer overflow vulnerability in the Belkin F9K1015 router running firmware version 1.00.10. The flaw affects the formWISP5G function in the /goform/formWISP5G file, triggered by manipulation of the "webpage" argument. Published on April 6, 2026, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).

An attacker with network access and low privileges can exploit this vulnerability remotely without user interaction. Exploitation involves sending crafted requests to the affected endpoint, leading to a stack-based buffer overflow that could enable arbitrary code execution, potentially resulting in full compromise of the device with high impacts on confidentiality, integrity, and availability.

VulDB advisories and a related GitHub repository detail the vulnerability, noting that a public exploit has been disclosed and may be actively used. The vendor was contacted early about the issue but provided no response, and no patches or official mitigations are referenced in the available sources. Security practitioners should isolate affected devices and monitor for exploitation attempts.

Details

CWE(s): CWE-119 CWE-121

Affected Products

belkin

f9k1015 firmware

1.00.10

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability is a remote stack-based buffer overflow in a web form handler (/goform/formWISP5G) on a publicly accessible router interface, directly enabling T1190: Exploit Public-Facing Application to achieve arbitrary code execution and full device compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References

https://github.com/Litengzheng/vuldb_new/blob/main/Belkin%20F9K1015/vul_3/README.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/submit/785537
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/vuln/355401
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/vuln/355401/cti
Permissions Required, VDB Entry · cna@vuldb.com