CVE-2026-5614
Stack-Based Buffer Overflow in Belkin F9K1015 Remote Password Set
Publication date: 2026-04-06
Last updated on: 2026-04-30
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| belkin | f9k1015_firmware | 1.00.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability impact me? :
This vulnerability can have serious impacts including:
- Denial of Service (DoS): An attacker can crash the router, causing network disruption.
- Remote Code Execution (RCE): An attacker can execute arbitrary code on the device remotely, potentially taking full control of the router.
- Compromise of network security: With control over the router, attackers can intercept, modify, or redirect network traffic.
- Potential further attacks on connected devices or networks due to compromised router.
Can you explain this vulnerability to me?
CVE-2026-5614 is a critical security vulnerability in the Belkin F9K1015 router firmware version 1.00.10. It is a stack-based buffer overflow found in the web interface, specifically in the formSetPassword function. The vulnerability arises because the function copies a user-supplied parameter named "webpage" into a buffer without checking its length, using the unsafe strcpy function. This allows an attacker to send an excessively long "webpage" parameter in a POST request to the /goform/formSetPassword endpoint, causing the buffer to overflow.
Exploiting this vulnerability can lead to denial of service (DoS) or remote code execution (RCE) on the affected device, meaning an attacker could crash the device or run arbitrary code remotely.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a specially crafted POST request to the vulnerable endpoint /goform/formSetPassword with an excessively long "webpage" parameter. Monitoring network traffic for such suspicious POST requests targeting this endpoint may help identify exploitation attempts.
A practical detection method is to use a command-line tool like curl to send a test POST request with a large payload in the "webpage" parameter and observe the device's response or behavior.
- curl -X POST http://<device-ip>/goform/formSetPassword -d "webpage=$(python3 -c 'print("A"*1000)')"
If the device crashes, becomes unresponsive, or behaves abnormally after this request, it indicates the presence of the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable web interface endpoint /goform/formSetPassword by implementing network-level controls such as firewall rules or access control lists to limit access only to trusted hosts.
Additionally, monitoring for unusual POST requests to this endpoint and disabling remote management features if not required can reduce the attack surface.
Since the vendor has not responded with a patch, consider isolating the affected device from untrusted networks until a fix or firmware update is available.