Platform: linux
Component: belkin-f9k1015
CVE-2026-5628 describes a stack-based buffer overflow vulnerability affecting the Belkin F9K1015 router running firmware version 1.00.10. This flaw allows for remote exploitation through manipulation of the 'webpage' argument within the /goform/formSetSystemSettings endpoint. The vulnerability has been publicly disclosed, raising concerns about potential active exploitation and impacting network security.
Successful exploitation of CVE-2026-5628 allows an attacker to execute arbitrary code on the vulnerable Belkin F9K1015 router. This could lead to complete compromise of the device, enabling attackers to intercept network traffic, modify router configurations, launch attacks against other devices on the network, or exfiltrate sensitive data. Given the router's role in network connectivity, a successful attack could have a significant impact on the confidentiality, integrity, and availability of the entire network. The public disclosure of the exploit increases the likelihood of widespread exploitation.
CVE-2026-5628 is a publicly disclosed vulnerability with a known exploit. It has been added to the CISA KEV catalog, indicating a high probability of exploitation. The lack of a vendor response and the public availability of the exploit suggest that attackers are actively seeking to exploit this vulnerability. The vulnerability's ease of exploitation and the potential impact make it a high-priority target for malicious actors.
Exploit Status
EPSS: 0.05% (14% percentile)
The primary mitigation for CVE-2026-5628 is to upgrade the Belkin F9K1015 router to a patched firmware version. Unfortunately, no patched firmware has been released by Belkin. As a temporary workaround, consider implementing strict firewall rules to restrict access to the /goform/formSetSystemSettings endpoint from untrusted sources. Monitor router logs for unusual activity or attempts to exploit the vulnerability. A WAF might offer some protection, but its effectiveness against this specific buffer overflow is uncertain. After making any configuration change, verify the router's functionality and security posture by attempting to access the management interface and confirming that unauthorized access is prevented.
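One way to apply the log-monitoring advice above, as an added example that is not from the advisory or from Belkin: a triage script that flags requests to the endpoint from untrusted sources or with an unusually long `webpage` value. The log line format (as an upstream proxy or sensor might emit it), the trusted address 192.168.2.10 and the 64-character ceiling are all assumptions to replace with your own.

```python
import ipaddress
from urllib.parse import parse_qs

ENDPOINT = "/goform/formSetSystemSettings"  # path named in the advisory
PARAM = "webpage"                           # argument named in the advisory
TRUSTED = [ipaddress.ip_network("192.168.2.10/32")]  # assumption: admin workstation
MAX_LEN = 64  # assumption: ceiling for a legitimate value; tune from your baseline

# Constructed sample lines: "<timestamp> <src_ip> <method> <path> <urlencoded_body>"
SAMPLE_LOG = [
    "2026-01-01T10:00:00Z 192.168.2.10 POST /goform/formSetSystemSettings webpage=system.html&tz=UTC",
    "2026-01-01T10:05:00Z 203.0.113.7 POST /goform/formSetSystemSettings webpage=" + "x" * 300,
    "2026-01-01T10:06:00Z 192.168.2.10 POST /goform/formSetSystemSettings tz=UTC&webpage=" + "x" * 300,
    "2026-01-01T10:07:00Z 203.0.113.7 GET /index.html -",
]

def review(line):
    """Return the reasons a logged request deserves attention (empty list = none)."""
    parts = line.split(" ", 4)
    if len(parts) < 4:
        return []  # not a request line in the assumed format
    src, target = parts[1], parts[3]
    body = parts[4] if len(parts) == 5 else ""
    path, _, query = target.partition("?")
    if path.rstrip("/").lower() != ENDPOINT.lower():
        return []
    reasons = []
    try:
        if not any(ipaddress.ip_address(src) in net for net in TRUSTED):
            reasons.append("untrusted source")
    except ValueError:
        reasons.append("unparseable source address")
    # The argument can arrive in the query string or the form body; check both.
    for encoded in (query, body):
        for value in parse_qs(encoded, keep_blank_values=True).get(PARAM, []):
            if len(value) > MAX_LEN:
                reasons.append(f"{PARAM} length {len(value)} exceeds {MAX_LEN}")
    return reasons

def scan(lines):
    """Return (1-based line number, reasons) for every line that was flagged."""
    hits = [(n, review(line)) for n, line in enumerate(lines, 1)]
    return [(n, reasons) for n, reasons in hits if reasons]

if __name__ == "__main__":
    for n, reasons in scan(SAMPLE_LOG):
        print(f"line {n}: {'; '.join(reasons)}")
```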
Update the firmware of the Belkin F9K1015 device to the latest version available from the manufacturer. Review the manufacturer's documentation for specific instructions on how to update the firmware. Since the vendor has not responded, it is recommended to contact Belkin technical support for assistance.
CVE-2026-5628 is a HIGH severity buffer overflow vulnerability in the Belkin F9K1015 router, allowing remote code execution through manipulation of the 'webpage' argument. It affects firmware version 1.00.10.
You are affected if you are using a Belkin F9K1015 router running firmware version 1.00.10. No patch is currently available.
Upgrade to a patched firmware version. Unfortunately, no patched firmware has been released by Belkin. Implement firewall rules to restrict access to the vulnerable endpoint as a temporary workaround.
Yes, the vulnerability has been publicly disclosed and added to the CISA KEV catalog, indicating a high probability of active exploitation.
As of the disclosure date, Belkin has not released an official advisory for CVE-2026-5628.