CVE-2026-4167
Stack-Based Buffer Overflow in Belkin F9K1122 Remote Reboot
Publication date: 2026-03-16
Last updated on: 2026-03-16
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| belkin | f9k1122 | 1.00.33 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-4167 is a critical stack-based buffer overflow vulnerability found in the Belkin F9K1122 router, version 1.00.33. It affects the function formReboot in the file /goform/formReboot. The vulnerability occurs because the function improperly handles the "webpage" argument, copying it into a fixed-size buffer without checking its length. This unchecked copy operation causes a stack-based buffer overflow.'}, {'type': 'paragraph', 'content': 'This overflow can be triggered remotely without authentication by sending a specially crafted request to the affected endpoint, potentially allowing an attacker to cause a denial of service or execute remote code on the device.'}, {'type': 'paragraph', 'content': 'The vulnerability has been publicly disclosed with proof-of-concept exploits available, and the vendor did not respond or provide a patch.'}] [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by compromising the confidentiality, integrity, and availability of the affected Belkin F9K1122 router.
- An attacker can remotely exploit the vulnerability without authentication.
- It can lead to denial of service (DoS), making the device unavailable.
- It may allow remote code execution, enabling an attacker to take control of the device.
Because the vendor has not provided any patch or mitigation, the risk remains until the device is replaced or otherwise protected.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for suspicious POST requests sent to the endpoint /goform/formReboot with an unusually long or malformed "webpage" parameter. Such requests may indicate attempts to exploit the stack-based buffer overflow.'}, {'type': 'paragraph', 'content': 'A practical detection method is to capture and analyze network traffic targeting the affected router, specifically looking for POST requests to /goform/formReboot containing large payloads in the "webpage" parameter.'}, {'type': 'list_item', 'content': 'Use a network packet capture tool like tcpdump or Wireshark to filter HTTP POST requests to /goform/formReboot.'}, {'type': 'list_item', 'content': "Example tcpdump command to capture relevant traffic: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/formReboot'"}, {'type': 'list_item', 'content': 'Inspect captured HTTP POST requests for the presence of a "webpage" parameter with an abnormally large value.'}, {'type': 'paragraph', 'content': 'Additionally, reviewing router logs for repeated or malformed requests to /goform/formReboot may help identify exploitation attempts.'}] [2, 3]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Since no patches or official vendor mitigations are available for this vulnerability, immediate mitigation steps include limiting exposure of the affected device to untrusted networks.'}, {'type': 'list_item', 'content': "Restrict remote access to the router's web interface, especially blocking access to the /goform/formReboot endpoint from outside trusted networks."}, {'type': 'list_item', 'content': 'Implement network-level protections such as firewall rules or intrusion detection/prevention systems to detect and block exploit attempts targeting this vulnerability.'}, {'type': 'list_item', 'content': 'Monitor network traffic for suspicious POST requests to /goform/formReboot and respond accordingly.'}, {'type': 'paragraph', 'content': 'Ultimately, consider replacing the affected Belkin F9K1122 router with a device that is not vulnerable, as no vendor response or patch has been provided.'}] [1]