Description
A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-29
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A stack-based buffer overflow exists in the formCrossBandSwitch function of Belkin F9K1122 firmware 1.00.33. By sending a maliciously constructed webpage argument to /goform/formCrossBandSwitch, an attacker can overflow the stack and overwrite control data, allowing arbitrary code execution or a device crash. The flaw originates from improper input validation (CWE-119, CWE-121) and would allow a threat actor to gain full control over the device's firmware, compromising confidentiality, integrity, and availability.

Affected Systems

The vulnerability is specific to Belkin’s F9K1122 model running firmware version 1.00.33. No other versions are presently documented as affected.

Risk and Exploitability

With a CVSS score of 8.7, the flaw is rated high severity. The exploit is publicly available and can be triggered remotely via crafted HTTP requests to the affected endpoint; no local privilege escalation or social engineering is required. The CVSS vectors recorded for this CVE specify PR:L (Au:S in CVSS v2), so the request must come from an authenticated, low-privileged session. Because the vulnerability is not listed in the KEV catalog and EPSS data is missing, the risk is judged to be high but the exact likelihood is undetermined. Immediate attention is required to mitigate potential exploitation.

Generated by OpenCVE AI on March 29, 2026 at 11:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply an updated firmware version that fixes the buffer overflow if one is released.
  • If a patch is not available, block or restrict HTTP access to the /goform/formCrossBandSwitch endpoint from untrusted networks using a firewall or local network segmentation.
  • Disable remote management features that use the affected function when possible.
  • Monitor device logs for signs of exploitation and isolate the device from the public internet if it must remain online.
  • Keep all other device firmware and network security controls up to date.


Advisories

No advisories yet.

History

Sun, 29 Mar 2026 10:45:00 +0000

Values added (no values removed):

Description: A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Title: Belkin F9K1122 Parameter formCrossBandSwitch stack-based overflow
First Time appeared: Belkin; Belkin f9k1122 Firmware
Weaknesses: CWE-119, CWE-121
CPEs: cpe:2.3:o:belkin:f9k1122_firmware:*:*:*:*:*:*:*:*
Vendors & Products: Belkin; Belkin f9k1122 Firmware
References:
Metrics:
  cvssV2_0: score 9, vector AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
  cvssV3_0: score 8.8, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
  cvssV3_1: score 8.8, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
  cvssV4_0: score 8.7, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-29T10:30:10.400Z

Reserved: 2026-03-27T16:35:43.170Z

Link: CVE-2026-5042

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-03-29T11:16:34.867

Modified: 2026-03-29T11:16:34.867

Link: CVE-2026-5042

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-29T20:31:40Z
