CVE-2026-5629

CVE-2026-5629 is a stack-based buffer overflow vulnerability in the Belkin F9K1015 router running firmware version 1.00.10. The issue resides in the formSetFirewall function within the /goform/formSetFirewall file, where manipulation of the "webpage" argument triggers the overflow. This flaw, classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.

The vulnerability can be exploited remotely by an attacker with low privileges (PR:L), requiring low attack complexity and no user interaction. Successful exploitation allows arbitrary code execution, granting high levels of confidentiality, integrity, and availability impact, potentially leading to full device compromise such as unauthorized access, data theft, or further network pivoting from the affected router.

VulDB advisories and the associated GitHub repository document the issue, noting that a public exploit is available and that the vendor was contacted early but provided no response or patch. No official mitigation or firmware update is referenced, leaving affected devices reliant on network segmentation, access controls, or device replacement to reduce exposure.

The exploit's public availability increases the risk of widespread abuse, though no specific real-world exploitation in the wild is detailed beyond the disclosure.