CVE-2026-5610
Published: 06 April 2026
Summary
CVE-2026-5610 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Belkin F9K1015 Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 requires validating inputs such as the 'webpage' argument to prevent crafted requests from triggering the stack-based buffer overflow.
SI-16 enforces memory protections like stack canaries or DEP to block arbitrary code execution from stack-based buffer overflow exploits.
SI-2 mandates timely identification, reporting, and correction of flaws like this buffer overflow via firmware patching.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a remote stack-based buffer overflow in a web form handler (/goform/formWISP5G) on a publicly accessible router interface, directly enabling T1190: Exploit Public-Facing Application to achieve arbitrary code execution and full device compromise.
NVD Description
A vulnerability has been found in Belkin F9K1015 1.00.10. Affected by this issue is the function formWISP5G of the file /goform/formWISP5G. Such manipulation of the argument webpage leads to stack-based buffer overflow. It is possible to launch the attack remotely.…
more
The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2026-5610 is a stack-based buffer overflow vulnerability in the Belkin F9K1015 router running firmware version 1.00.10. The flaw affects the formWISP5G function in the /goform/formWISP5G file, triggered by manipulation of the "webpage" argument. Published on April 6, 2026, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).
An attacker with network access and low privileges can exploit this vulnerability remotely without user interaction. Exploitation involves sending crafted requests to the affected endpoint, leading to a stack-based buffer overflow that could enable arbitrary code execution, potentially resulting in full compromise of the device with high impacts on confidentiality, integrity, and availability.
VulDB advisories and a related GitHub repository detail the vulnerability, noting that a public exploit has been disclosed and may be actively used. The vendor was contacted early about the issue but provided no response, and no patches or official mitigations are referenced in the available sources. Security practitioners should isolate affected devices and monitor for exploitation attempts.
Details
- CWE(s)