Belkin Vulnerability Vendor: Belkin Product: F9K1122 Version: 1.00.33 Type: Stack Overflow Author: Jiaqian Peng Email: pengjiaqian@iie.ac.cn Institution: Institute of Information Engineering, Chinese Academy of Sciences (IIE, CAS) Vulnerability Description We found a stack overflow vulnerability in Belkin router firmware which was released recently, allowing remote attackers to crash the server. Stack Overflow In binary: In the router's function, is directly passed by the attacker. If this part of the data is too long, it will cause the stack overflow, so we can control the to execute arbitrary code. As you can see here, the input has not been checked. The parameter is directly copied to a local variable placed on the stack, which overrides the return address of the function, causing buffer overflow. PoC We set as , and the router will crash, such as: Result The target router crashes and cannot provide services correctly and persistently.