CVE-2025-61941
Description
A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary files may be altered by an administrative user who logs in to the affected product. Moreover, arbitrary OS commands may be executed via some file alteration.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Path traversal in Buffalo WXR9300BE6P series firmware allows admin users to alter arbitrary files and execute OS commands.
Vulnerability
A path traversal vulnerability (CWE-22) exists in Buffalo WXR9300BE6P series firmware prior to version 1.10 [1]. This flaw allows an administrative user to traverse the file system and alter arbitrary files.
Exploitation
An attacker must have administrative access to the device's management interface. Once logged in, the attacker can craft requests to write files outside the intended directory, potentially modifying system files [2].
Impact
Successful exploitation enables the attacker to alter arbitrary files, which can lead to arbitrary OS command execution [1][2]. This could result in full compromise of the device.
Mitigation
Buffalo has released firmware version 1.10 to address this issue. Users should update their devices to the latest firmware to protect against potential attacks [1][2].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches (0)
No patches discovered yet.
References (2)
News mentions (0)
No linked articles in our index yet.