Cyber Resilience

CVE-2026-5043

HighPublic PoC

Published: 29 March 2026

Published
29 March 2026
Modified
30 March 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0079 51.6th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-5043 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Belkin F9K1122 Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 48.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-5043 is a stack-based buffer overflow vulnerability in the formSetPassword function within the /goform/formSetPassword file of the Parameter Handler component on the Belkin F9K1122 router running firmware version 1.00.33. The flaw arises from manipulation of the "webpage" argument, enabling remote exploitation. It is associated with CWEs-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-121 (Stack-based Buffer Overflow), and CWE-787 (Out-of-bounds Write), and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

An attacker with low privileges, such as an authenticated user with network access to the device, can remotely exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows high-impact consequences, including unauthorized access to confidential data, modification of system integrity, and denial of service through availability disruption, potentially leading to full remote code execution on the affected router.

Advisories from sources like VulDB indicate that the vendor was contacted early regarding this issue but provided no response, with no patches or mitigations released. An exploit is publicly available via a GitHub repository, increasing the risk of active attacks against unpatched devices.

EU & UK References

Vulnerability details

A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the component Parameter Handler. This manipulation of the argument webpage causes stack-based buffer overflow. Remote exploitation of the attack…

more

is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Stack-based buffer overflow in router web form (/goform/formSetPassword) enables remote authenticated RCE from low-priv access, mapping directly to public-facing web app exploitation and priv-escalation via memory corruption.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-5608Same product: Belkin F9K1122
CVE-2026-5044Same product: Belkin F9K1122
CVE-2026-5042Same product: Belkin F9K1122
CVE-2026-5612Same vendor: Belkin
CVE-2026-5613Same vendor: Belkin
CVE-2026-5629Same vendor: Belkin
CVE-2026-5628Same vendor: Belkin
CVE-2026-5614Same vendor: Belkin
CVE-2026-5611Same vendor: Belkin
CVE-2026-5610Same vendor: Belkin

Affected Assets

belkin
f9k1122 firmware
1.00.33

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly validates the 'webpage' argument in the formSetPassword function to prevent stack-based buffer overflow exploitation.

prevent

Implements memory protections such as stack canaries, ASLR, and DEP to mitigate stack-based buffer overflows in the Parameter Handler.

preventrecover

Requires timely remediation of the identified buffer overflow flaw through firmware patching or replacement to eliminate the vulnerability.

References