VYPR
Vendor

Buffalotech

Products
140
CVEs
78
Across products
192
Status
Private

Products

140
View all 140 products →

Recent CVEs

78
View all 78 CVEs →
  • CVE-2026-45779CriJun 5, 2026
    risk 0.64cvss 9.8epss 0.00

    OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or…

  • CVE-2026-45777CriJun 5, 2026
    risk 0.64cvss 9.8epss 0.00

    OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This…

  • CVE-2026-33280CriMar 27, 2026
    risk 0.64cvss 9.8epss 0.00

    Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands.

  • CVE-2026-32669CriMar 27, 2026
    risk 0.64cvss 9.8epss 0.00

    Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products.

  • CVE-2026-27650CriMar 27, 2026
    risk 0.64cvss 9.8epss 0.01

    OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products.

  • CVE-2017-2126CriJul 22, 2017
    risk 0.64cvss 9.8epss 0.04

    WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors.

  • CVE-2018-0556HigApr 9, 2018
    risk 0.57cvss 8.8epss 0.01

    Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

  • CVE-2018-0554HigApr 9, 2018
    risk 0.57cvss 8.8epss 0.01

    Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors.

  • CVE-2018-0523HigMar 9, 2018
    risk 0.57cvss 8.8epss 0.01

    Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

  • CVE-2018-0521HigMar 9, 2018
    risk 0.57cvss 8.8epss 0.01

    Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors.

  • CVE-2017-2273HigJul 22, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

  • CVE-2016-7824HigJun 9, 2017
    risk 0.57cvss 8.8epss 0.02

    Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors.

  • CVE-2016-7822HigJun 9, 2017
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors.

  • CVE-2016-1134HigJan 22, 2016
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices…

  • CVE-2018-0555HigApr 9, 2018
    risk 0.51cvss 7.8epss 0.02

    Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file.

  • CVE-2018-0522HigMar 9, 2018
    risk 0.51cvss 7.8epss 0.01

    Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary code via a specially crafted file.

  • CVE-2026-32678HigMar 27, 2026
    risk 0.49cvss 7.5epss 0.00

    Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication.

  • CVE-2025-26167HigMar 6, 2025
    risk 0.49cvss 7.5epss 0.00

    Buffalo LS520D 4.53 is vulnerable to Arbitrary file read, which allows unauthenticated attackers to access the NAS web UI and read arbitrary internal files.

  • CVE-2016-4815HigJun 19, 2016
    risk 0.49cvss 7.5epss 0.02

    Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2025-61941HigOct 15, 2025
    risk 0.47cvss 7.2epss 0.00

    A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary file may be altered by an administrative user who logs in to the affected product. Moreover, arbitrary OS command may be executed via some file alteration.