Description
A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-06
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution
Action: Immediate Patch
AI Analysis

Impact

A stack-based buffer overflow exists in the formWlEncrypt function of the Belkin F9K1015 firmware. It is triggered by a crafted request to the /goform/formWlEncrypt endpoint, specifically through manipulation of the webpage argument, and is reachable remotely, allowing an attacker to overwrite the stack and potentially execute arbitrary code on the device. Successful exploitation would compromise the confidentiality, integrity, and availability of the device and any connected networks.

Affected Systems

The affected system is the Belkin F9K1015 router running firmware version 1.00.10. No other versions are specifically listed as vulnerable in the available data.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity vulnerability. Although an EPSS score is not available, the vulnerability is publicly disclosed and exploitable, and it is not yet tracked in the CISA KEV catalog. Because the attack vector is remote and the exploitation path is straightforward—sending a malformed request to a web form—it poses a significant risk to environments that expose the router to untrusted networks.

Generated by OpenCVE AI on April 6, 2026 at 05:21 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Install a firmware update that resolves the stack overflow vulnerability.
  • If no update is available, restrict external access to the router’s administrative interface to local networks only.
  • Monitor the router’s logs for anomalous traffic targeting the /goform/formWlEncrypt endpoint.
  • If possible, block or limit access to the /goform/formWlEncrypt endpoint using a firewall or access control list.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Belkin f9k1015
Vendors & Products | | Belkin f9k1015

Mon, 06 Apr 2026 16:45:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 06 Apr 2026 03:00:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was determined in Belkin F9K1015 1.00.10. This vulnerability affects the function formWlEncrypt of the file /goform/formWlEncrypt. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Title | | Belkin F9K1015 formWlEncrypt stack-based overflow
First Time appeared | | Belkin; Belkin f9k1015 Firmware
Weaknesses | | CWE-119; CWE-121
CPEs | | cpe:2.3:o:belkin:f9k1015_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Belkin; Belkin f9k1015 Firmware
References | |
Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-06T15:03:36.906Z

Reserved: 2026-04-05T15:29:51.352Z

Link: CVE-2026-5612

Vulnrichment

Updated: 2026-04-06T15:03:32.977Z

NVD

Status: Awaiting Analysis

Published: 2026-04-06T03:16:07.790

Modified: 2026-04-07T13:20:35.010

Link: CVE-2026-5612

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:47:34Z

Weaknesses