Vendor
Buffalo
Products
73
CVEs
12
Across products
280
Status
Private
Products
73- 7 CVEs
- 7 CVEs
- 7 CVEs
- 7 CVEs
- 7 CVEs
- 6 CVEs
- 6 CVEs
- 6 CVEs
- 6 CVEs
- 6 CVEs
- 6 CVEs
- 6 CVEs
- 6 CVEs
- 6 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- + 43 more — see CVE list below for full coverage.
Recent CVEs
12| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-2126 | Cri | 0.65 | 9.8 | 0.13 | Jul 22, 2017 | WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors. | |
| CVE-2026-33280 | Cri | 0.64 | 9.8 | 0.00 | Mar 27, 2026 | Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands. | |
| CVE-2026-32669 | Cri | 0.64 | 9.8 | 0.00 | Mar 27, 2026 | Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products. | |
| CVE-2026-27650 | Cri | 0.64 | 9.8 | 0.00 | Mar 27, 2026 | OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products. | |
| CVE-2017-2273 | Hig | 0.57 | 8.8 | 0.00 | Jul 22, 2017 | Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |
| CVE-2026-32678 | Hig | 0.49 | 7.5 | 0.00 | Mar 27, 2026 | Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication. | |
| CVE-2016-4815 | Hig | 0.49 | 7.5 | 0.00 | Jun 19, 2016 | Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | |
| CVE-2016-4816 | Med | 0.42 | 6.5 | 0.00 | Jun 19, 2016 | BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors. | |
| CVE-2017-10896 | Med | 0.40 | 6.1 | 0.00 | Dec 8, 2017 | Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |
| CVE-2017-2274 | Med | 0.40 | 6.1 | 0.00 | Jul 22, 2017 | Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |
| CVE-2026-33366 | Med | 0.34 | 5.3 | 0.00 | Mar 27, 2026 | Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication. | |
| CVE-2017-10897 | Med | 0.29 | 4.5 | 0.00 | Dec 8, 2017 | Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to cause the device to become unresponsive via unspecified vectors. |