Cyber Resilience

CVE-2026-4167

High

Published: 16 March 2026

Published
16 March 2026
Modified
22 April 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0046 36.1th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-4167 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 36.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-4167 is a stack-based buffer overflow vulnerability in the formReboot function of the /goform/formReboot file within Belkin F9K1122 firmware version 1.00.33. The issue arises from improper handling of the 'webpage' argument, allowing manipulated input to trigger the overflow. It is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

The vulnerability can be exploited remotely by an attacker with low privileges (PR:L), requiring no user interaction and low attack complexity. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, potentially leading to full device compromise such as arbitrary code execution.

Advisories from VulDB and referenced GitHub repositories indicate that a proof-of-concept exploit is publicly available, and the vendor was notified early but provided no response or patch. No mitigations or firmware updates are documented in the provided references.

EU & UK References

Vulnerability details

A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and…

more

may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Stack-based buffer overflow in public web form (/goform/formReboot) enables remote post-auth RCE on network device, directly supporting T1190 (Exploit Public-Facing Application) for initial access and T1068 (Exploitation for Privilege Escalation) from low-priv web session to full device compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-3729Shared CWE-119, CWE-121
CVE-2026-4489Shared CWE-119, CWE-121
CVE-2026-6133Shared CWE-119, CWE-121
CVE-2026-4553Shared CWE-119, CWE-121
CVE-2026-2905Shared CWE-119, CWE-121
CVE-2026-5608Shared CWE-119, CWE-121
CVE-2026-6124Shared CWE-119, CWE-121
CVE-2026-2928Shared CWE-119, CWE-121
CVE-2026-2853Shared CWE-119, CWE-121
CVE-2026-2885Shared CWE-119, CWE-121

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly validates the 'webpage' argument in the formReboot function to prevent stack-based buffer overflows from improper input handling.

prevent

Implements memory safeguards such as stack canaries, ASLR, or DEP to protect against unauthorized code execution from stack buffer overflows.

prevent

Provides a process to identify, prioritize, and remediate the documented buffer overflow flaw in the Belkin firmware, including applying patches or workarounds.

References