CVE-2026-5628

HighPublic PoC

Published: 06 April 2026

Published

06 April 2026

Modified

30 April 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0011 28.5th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A security vulnerability has been detected in Belkin F9K1015 1.00.10. Impacted is the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. The manipulation of the argument webpage leads to stack-based buffer overflow. Remote exploitation of the attack…

is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly prevents stack-based buffer overflows by validating the 'webpage' argument in the formSetSystemSettings function against bounds and expected formats.

SI-16 Memory Protection good match

prevent

Implements memory safeguards like stack canaries, ASLR, and non-executable stacks to block exploitation of the stack-based buffer overflow even if invalid input reaches the handler.

SI-2 Flaw Remediation good match

preventrecover

Requires timely flaw remediation through firmware updates to eliminate the buffer overflow vulnerability in the Belkin F9K1015 router's Setting Handler.

Security SummaryAI

CVE-2026-5628 is a stack-based buffer overflow vulnerability affecting the Belkin F9K1015 router running firmware version 1.00.10. The flaw resides in the formSetSystemSettings function of the /goform/formSetSystemSettings file within the Setting Handler component, triggered by manipulation of the "webpage" argument. Published on 2026-04-06, it is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), earning a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Remote attackers with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, likely allowing arbitrary code execution on the affected device.

Advisories from VulDB and related references, including a GitHub repository, confirm public disclosure of the exploit, which may be actively used. The vendor was notified early but provided no response, and no patches or mitigations are mentioned in available sources. Security practitioners should isolate affected devices and monitor for anomalous activity until firmware updates are released.

Details

CWE(s): CWE-119 CWE-121

Affected Products

belkin

f9k1015 firmware

1.00.10

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

The remote stack-based buffer overflow in the public-facing web interface (formSetSystemSettings) of the router allows low-privileged attackers to achieve arbitrary code execution with high impact on C/I/A, directly enabling exploitation of public-facing applications (T1190) and exploitation for privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References

https://github.com/Litengzheng/vuldb_new/blob/main/Belkin%20F9K1015/vul_12/README.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/submit/785555
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/vuln/355416
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/vuln/355416/cti
Permissions Required, VDB Entry · cna@vuldb.com