Description
A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-23
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A stack-based buffer overflow exists in the formWISP5G function of Belkin F9K1122 firmware, allowing an attacker to trigger memory corruption and potentially execute arbitrary code. The overflow can be triggered by manipulating the webpage argument of the /goform/formWISP5G endpoint, leading to a compromise of the device’s confidentiality, integrity, and availability.

Affected Systems

The vulnerability affects Belkin F9K1122 devices running firmware 1.00.33 and possibly earlier releases that include the formWISP5G function. All units of this model that have not applied a firmware update to mitigate the flaw are susceptible.

Risk and Exploitability

The flaw carries a CVSS score of 8.7, indicating high severity, and an exploit has been published and is known to be usable. While EPSS data is unavailable, the known presence of an exploit implies a significant risk. The vulnerability can be leveraged remotely through the web interface. It does not appear to be listed in CISA’s KEV catalog, but the lack of vendor response further heightens concern.

Generated by OpenCVE AI on March 23, 2026 at 03:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Belkin firmware update that addresses the stack-based overflow in formWISP5G (if available).
  • If an update is not yet released, block external access to the router’s web administration interface using firewall rules or by configuring the device to accept administrative traffic only from trusted local networks.
  • Consider segmenting the network and isolating the router to reduce exposure to potential remote exploitation.



Advisories

No advisories yet.

History

Mon, 23 Mar 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Belkin f9k1122
Vendors & Products | | Belkin f9k1122

Mon, 23 Mar 2026 02:30:00 +0000

Type | Values Removed | Values Added
Description | | A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title | | Belkin F9K1122 formWISP5G stack-based overflow
First Time appeared | | Belkin, Belkin f9k1122 Firmware
Weaknesses | | CWE-119, CWE-121
CPEs | | cpe:2.3:o:belkin:f9k1122_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Belkin, Belkin f9k1122 Firmware
References | |
Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-23T16:06:05.262Z

Reserved: 2026-03-22T08:31:26.455Z

Link: CVE-2026-4566

Vulnrichment

Updated: 2026-03-23T16:05:57.086Z

NVD

Status : Awaiting Analysis

Published: 2026-03-23T03:16:00.083

Modified: 2026-03-23T14:31:37.267

Link: CVE-2026-4566

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:50:01Z

Weaknesses