CVE-2026-5612

HighPublic PoC

Published: 06 April 2026

Published

06 April 2026

Modified

30 April 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0011 28.5th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has…

been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

SI-10 mandates validation of information inputs such as the 'webpage' argument to prevent stack-based buffer overflows in the formWlEncrypt function.

SI-16 Memory Protection good match

prevent

SI-16 enforces memory protections like stack canaries, ASLR, and DEP to block arbitrary code execution from stack buffer overflows.

RA-5 Vulnerability Monitoring and Scanning good match

detect

RA-5 requires vulnerability scanning to identify systems affected by CVE-2026-5612, enabling timely mitigation of exposed Belkin F9K1015 routers.

Security SummaryAI

CVE-2026-5612 is a stack-based buffer overflow vulnerability in the Belkin F9K1015 router running firmware version 1.00.10. The issue resides in the formWlEncrypt function within the /goform/formWlEncrypt file, where manipulation of the "webpage" argument triggers the overflow. Associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), it was published on 2026-04-06 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

The vulnerability enables remote exploitation by attackers who possess low privileges, such as authenticated users on the device. With network access, low attack complexity, and no user interaction required, successful exploitation can result in high impacts to confidentiality, integrity, and availability, potentially allowing arbitrary code execution via the buffer overflow.

Advisories from VulDB detail the vulnerability, including a publicly disclosed exploit available on GitHub, and note that the vendor was contacted early but provided no response or patches. Mitigation relies on avoiding exposure of affected devices to untrusted networks and monitoring for exploit attempts, as no official fixes are available.

The exploit has been publicly disclosed and may be utilized, increasing the risk for unpatched Belkin F9K1015 deployments.

Details

CWE(s): CWE-119 CWE-121

Affected Products

belkin

f9k1015 firmware

1.00.10

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

The stack-based buffer overflow in the router's authenticated web form (/goform/formWlEncrypt) enables remote attackers with low privileges to achieve arbitrary code execution, directly facilitating exploitation of a public-facing application (T1190) and privilege escalation from authenticated low-priv access (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References

https://github.com/Litengzheng/vuldb_new/blob/main/Belkin%20F9K1015/vul_7/README.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/submit/785551
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/vuln/355403
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/vuln/355403/cti
Permissions Required, VDB Entry · cna@vuldb.com