CVE-2026-4167
Published: 16 March 2026
Summary
CVE-2026-4167 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 36.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-4167 is a stack-based buffer overflow vulnerability in the formReboot function of the /goform/formReboot file within Belkin F9K1122 firmware version 1.00.33. The issue arises from improper handling of the 'webpage' argument, allowing manipulated input to trigger the overflow. It is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow), with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
The vulnerability can be exploited remotely by an attacker with low privileges (PR:L), requiring no user interaction and low attack complexity. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, potentially leading to full device compromise such as arbitrary code execution.
Advisories from VulDB and referenced GitHub repositories indicate that a proof-of-concept exploit is publicly available, and the vendor was notified early but provided no response or patch. No mitigations or firmware updates are documented in the provided references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-12210
Vulnerability details
A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. Manipulation of the argument webpage causes a stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A stack-based buffer overflow in a public web form handler (/goform/formReboot) enables remote post-authentication RCE on a network device, directly supporting T1190 (Exploit Public-Facing Application) for initial access and T1068 (Exploitation for Privilege Escalation) from a low-privilege web session to full device compromise.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly validates the 'webpage' argument in the formReboot function to prevent stack-based buffer overflows from improper input handling.
- SI-16 (Memory Protection): implements memory safeguards such as stack canaries, ASLR, or DEP to protect against unauthorized code execution from stack buffer overflows.
- Flaw remediation: provides a process to identify, prioritize, and remediate the documented buffer overflow flaw in the Belkin firmware, including applying patches or workarounds.
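The following C code is an added illustration of the SI-10 control above, not code from the Belkin firmware or from the page's sources. It shows the defensive shape a form handler needs when an untrusted request argument such as 'webpage' is copied into a fixed-size stack buffer: a length check before the copy, a bounded length scan, and an allow-list on the content, rejecting rather than truncating on failure. The buffer size (64 bytes), the function names (copy_param_bounded, webpage_is_wellformed, handle_form_reboot, submit_webpage_of_length) and the allow-list are assumptions made for the example; nothing on this page documents the real handler's buffer size or copy routine.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed size of the fixed stack buffer a handler like formReboot might use
 * for the 'webpage' argument. The real firmware's buffer size and copy routine
 * are not documented on this page; this value is a placeholder for illustration. */
#define WEBPAGE_BUF_LEN 64

enum reboot_status {
    REBOOT_OK = 0,
    REBOOT_ERR_NULL = 1,      /* parameter missing from the request */
    REBOOT_ERR_TOO_LONG = 2,  /* would not fit the stack buffer: the CWE-121 case */
    REBOOT_ERR_BAD_CHAR = 3   /* fails the content allow-list */
};

/* Copy src into dst only if it fits including the NUL terminator; otherwise
 * leave dst empty and return false. This is the bounded replacement for the
 * unbounded pattern behind most stack overflows of this kind:
 *     char buf[64];
 *     strcpy(buf, webpage);   // no check that webpage fits in buf
 * The length scan is itself bounded, so an unterminated src cannot be overread. */
bool copy_param_bounded(char *dst, size_t dst_len, const char *src) {
    if (dst == NULL || dst_len == 0) return false;
    dst[0] = '\0';
    if (src == NULL) return false;
    size_t n = 0;
    while (n < dst_len && src[n] != '\0') n++;
    if (n >= dst_len) return false;   /* no room for the terminator: reject */
    memcpy(dst, src, n + 1);
    return true;
}

/* Allow-list for a page name such as "index.html": letters, digits, '.', '_', '-'.
 * Path separators are excluded, so the value cannot name a different directory. */
bool webpage_is_wellformed(const char *s) {
    if (s == NULL || *s == '\0') return false;
    for (; *s != '\0'; s++) {
        unsigned char c = (unsigned char)*s;
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-')) return false;
    }
    return true;
}

/* Hardened handler shape: validate the untrusted argument before it reaches
 * a fixed-size stack buffer, and reject rather than truncate on failure. */
enum reboot_status handle_form_reboot(const char *webpage) {
    char page[WEBPAGE_BUF_LEN];
    if (webpage == NULL) return REBOOT_ERR_NULL;
    if (!copy_param_bounded(page, sizeof page, webpage)) return REBOOT_ERR_TOO_LONG;
    if (!webpage_is_wellformed(page)) return REBOOT_ERR_BAD_CHAR;
    /* ... schedule the reboot and redirect the client to `page` (not shown) ... */
    return REBOOT_OK;
}

/* Helper for exercising the length check: submits a constructed 'webpage'
 * value made of n 'A' characters (capped at 255 so the helper's own buffer is safe). */
enum reboot_status submit_webpage_of_length(size_t n) {
    char buf[256];
    if (n >= sizeof buf) n = sizeof buf - 1;
    memset(buf, 'A', n);
    buf[n] = '\0';
    return handle_form_reboot(buf);
}

int main(void) {
    printf("index.html    -> %d\n", handle_form_reboot("index.html"));   /* 0: accepted */
    printf("63 chars      -> %d\n", submit_webpage_of_length(63));       /* 0: fits */
    printf("64 chars      -> %d\n", submit_webpage_of_length(64));       /* 2: rejected */
    printf("200 chars     -> %d\n", submit_webpage_of_length(200));      /* 2: rejected */
    printf("../other.html -> %d\n", handle_form_reboot("../other.html")); /* 3: rejected */
    return 0;
}
```

The two checks are deliberately separate: the length check is what closes the CWE-121 condition regardless of content, while the allow-list limits what a well-sized value may still do downstream. The SI-16 protections listed above (stack canaries, ASLR, DEP) are compile-time and platform settings that make a remaining overflow harder to turn into code execution; they complement, and do not replace, the validation shown here.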