Buffalotech
Products
140- 11 CVEs
- 9 CVEs
- 9 CVEs
- 8 CVEs
- 8 CVEs
- 8 CVEs
- 7 CVEs
- 7 CVEs
- 7 CVEs
- 7 CVEs
- 7 CVEs
- 7 CVEs
- 7 CVEs
- 6 CVEs
- 6 CVEs
- 6 CVEs
- 6 CVEs
- 6 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- View all 140 products →
Recent CVEs
78| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45779 | Cri | 0.64 | 9.8 | 0.00 | Jun 5, 2026 | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or… | ||
| CVE-2026-45777 | Cri | 0.64 | 9.8 | 0.00 | Jun 5, 2026 | OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This… | ||
| CVE-2026-33280 | Cri | 0.64 | 9.8 | 0.00 | Mar 27, 2026 | Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands. | ||
| CVE-2026-32669 | Cri | 0.64 | 9.8 | 0.00 | Mar 27, 2026 | Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products. | ||
| CVE-2026-27650 | Cri | 0.64 | 9.8 | 0.01 | Mar 27, 2026 | OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products. | ||
| CVE-2017-2126 | Cri | 0.64 | 9.8 | 0.04 | Jul 22, 2017 | WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors. | ||
| CVE-2018-0556 | Hig | 0.57 | 8.8 | 0.01 | Apr 9, 2018 | Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2018-0554 | Hig | 0.57 | 8.8 | 0.01 | Apr 9, 2018 | Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. | ||
| CVE-2018-0523 | Hig | 0.57 | 8.8 | 0.01 | Mar 9, 2018 | Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2018-0521 | Hig | 0.57 | 8.8 | 0.01 | Mar 9, 2018 | Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. | ||
| CVE-2017-2273 | Hig | 0.57 | 8.8 | 0.01 | Jul 22, 2017 | Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||
| CVE-2016-7824 | Hig | 0.57 | 8.8 | 0.02 | Jun 9, 2017 | Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors. | ||
| CVE-2016-7822 | Hig | 0.57 | 8.8 | 0.01 | Jun 9, 2017 | Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors. | ||
| CVE-2016-1134 | Hig | 0.57 | 8.8 | 0.01 | Jan 22, 2016 | Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices… | ||
| CVE-2018-0555 | Hig | 0.51 | 7.8 | 0.02 | Apr 9, 2018 | Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file. | ||
| CVE-2018-0522 | Hig | 0.51 | 7.8 | 0.01 | Mar 9, 2018 | Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary code via a specially crafted file. | ||
| CVE-2026-32678 | Hig | 0.49 | 7.5 | 0.00 | Mar 27, 2026 | Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication. | ||
| CVE-2025-26167 | Hig | 0.49 | 7.5 | 0.00 | Mar 6, 2025 | Buffalo LS520D 4.53 is vulnerable to Arbitrary file read, which allows unauthenticated attackers to access the NAS web UI and read arbitrary internal files. | ||
| CVE-2016-4815 | Hig | 0.49 | 7.5 | 0.02 | Jun 19, 2016 | Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | ||
| CVE-2025-61941 | Hig | 0.47 | 7.2 | 0.00 | Oct 15, 2025 | A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary file may be altered by an administrative user who logs in to the affected product. Moreover, arbitrary OS command may be executed via some file alteration. |
- risk 0.64cvss 9.8epss 0.00
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or…
- risk 0.64cvss 9.8epss 0.00
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This…
- risk 0.64cvss 9.8epss 0.00
Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands.
- risk 0.64cvss 9.8epss 0.00
Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products.
- risk 0.64cvss 9.8epss 0.01
OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products.
- risk 0.64cvss 9.8epss 0.04
WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors.
- risk 0.57cvss 8.8epss 0.01
Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
- risk 0.57cvss 8.8epss 0.01
Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors.
- risk 0.57cvss 8.8epss 0.01
Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
- risk 0.57cvss 8.8epss 0.01
Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors.
- risk 0.57cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
- risk 0.57cvss 8.8epss 0.02
Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors.
- risk 0.57cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors.
- risk 0.57cvss 8.8epss 0.01
Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices…
- risk 0.51cvss 7.8epss 0.02
Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file.
- risk 0.51cvss 7.8epss 0.01
Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary code via a specially crafted file.
- risk 0.49cvss 7.5epss 0.00
Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication.
- risk 0.49cvss 7.5epss 0.00
Buffalo LS520D 4.53 is vulnerable to Arbitrary file read, which allows unauthenticated attackers to access the NAS web UI and read arbitrary internal files.
- risk 0.49cvss 7.5epss 0.02
Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
- risk 0.47cvss 7.2epss 0.00
A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary file may be altered by an administrative user who logs in to the affected product. Moreover, arbitrary OS command may be executed via some file alteration.