CVE-2026-5612
Stack-Based Buffer Overflow in Belkin F9K1015 Remote Form Handler
Publication date: 2026-04-06
Last updated on: 2026-04-30
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| belkin | f9k1015_firmware | 1.00.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Belkin F9K1015 firmware version 1.00.10, specifically in the formWlEncrypt function of the web interface.
The function reads a user-supplied parameter named "webpage" and assigns it to a variable that is then passed to the strcpy function without any bounds checking.
Because strcpy does not check the length of the input, an attacker can send a crafted HTTP POST request with an excessively long "webpage" parameter to the /goform/formWlEncrypt endpoint, causing a stack-based buffer overflow.
This overflow can lead to denial of service or remote code execution on the device.
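The pattern the answer describes, as an added illustration in C that is not the Belkin firmware's code (the page gives only the function name formWlEncrypt, the parameter name "webpage" and the unchecked strcpy call): an unbounded copy into a fixed-size stack buffer next to a bounded version that rejects values which would not fit. The buffer size WEBPAGE_BUF_SIZE, the handler names and the helper check_run_of_a are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size; the real firmware's stack buffer size is not on the page. */
#define WEBPAGE_BUF_SIZE 64

/* The CWE-121 pattern the advisory describes: the parameter value is copied
 * with strcpy() and no length check, so a value longer than the stack buffer
 * overwrites whatever follows it on the stack. Shown for comparison only;
 * it is never called with over-long input in this example. */
int handle_webpage_unchecked(const char *webpage)
{
    char buf[WEBPAGE_BUF_SIZE];
    strcpy(buf, webpage);            /* no bound: the caller controls the length */
    return (int)strlen(buf);
}

/* Hardened form: measure with a bounded scan, reject anything that does not
 * fit together with its terminator, then copy exactly that many bytes.
 * Returns the number of bytes accepted, or -1 if the value was rejected. */
int handle_webpage_checked(const char *webpage)
{
    char buf[WEBPAGE_BUF_SIZE];
    size_t len = 0;

    if (webpage == NULL)
        return -1;
    /* Bounded scan: never read past WEBPAGE_BUF_SIZE bytes of the input. */
    while (len < WEBPAGE_BUF_SIZE && webpage[len] != '\0')
        len++;
    if (len == WEBPAGE_BUF_SIZE)
        return -1;                   /* 64 or more bytes: no room for the NUL */
    memcpy(buf, webpage, len);
    buf[len] = '\0';
    return (int)len;
}

/* Helper for exercising the check with a constructed run of n 'a' bytes. */
int check_run_of_a(size_t n)
{
    char val[256];                   /* constructed sample input, not real traffic */
    if (n >= sizeof val)
        return -1;
    memset(val, 'a', n);
    val[n] = '\0';
    return handle_webpage_checked(val);
}

int main(void)
{
    printf("4 bytes:   %d\n", check_run_of_a(4));    /* accepted, returns 4 */
    printf("63 bytes:  %d\n", check_run_of_a(63));   /* largest value that fits */
    printf("64 bytes:  %d\n", check_run_of_a(64));   /* rejected, returns -1 */
    printf("200 bytes: %d\n", check_run_of_a(200));  /* rejected, returns -1 */
    return 0;
}
```

The check sizes the input before touching the destination, so the decision to reject is made without any write, which is the property the original strcpy call lacks.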
How can this vulnerability impact me?
Exploiting this vulnerability can allow an attacker to perform a denial of service (DoS) attack, making the device unavailable.
More critically, it can enable remote code execution, allowing the attacker to run arbitrary code on the affected device remotely.
This could lead to full compromise of the device, potentially allowing unauthorized access to network resources or further attacks within the network.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a crafted HTTP POST request to the /goform/formWlEncrypt endpoint of the Belkin F9K1015 device and observing its response or behavior.
A detection method involves sending a POST request with an excessively long "webpage" parameter to test for a stack-based buffer overflow.
An example command using curl to test this is:
- curl -X POST http://[device_ip]/goform/formWlEncrypt -d "webpage=$(python3 -c 'print("a"*1000)')"
Replace [device_ip] with the IP address of the target Belkin F9K1015 device. If the device crashes, becomes unresponsive, or behaves abnormally, it indicates the presence of the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable device's web interface to trusted networks only, such as by using firewall rules or network segmentation.
Avoid exposing the device's management interface to the internet or untrusted networks.
Monitor the device for unusual behavior or crashes that may indicate exploitation attempts.
Since the vendor has not responded or provided a patch, consider replacing the device or disabling the vulnerable service if possible.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.