buffalo

Top products

The 15 most recently published vulnerabilities affecting buffalo.

• CVE-2026-45779Open XDMoD Vulnerable to Unauthenticated SQL Injection Leading to Full Database Compromise9.8Jun 5, 2026
• CVE-2026-45778Open XDMoD Vulnerable to Reflected Cross-Site Scripting (XSS) in Password Reset5.4Jun 5, 2026
• CVE-2026-45777Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection9.8Jun 5, 2026
• CVE-2026-45776Open XDMoD has Broken Access Control via Client-Controlled Session Variable4.3Jun 5, 2026
• CVE-2026-33366Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication.5.3Mar 27, 2026
• CVE-2026-33280Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS...9.8Mar 27, 2026
• CVE-2026-32678Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication.7.5Mar 27, 2026
• CVE-2026-32669Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products.9.8Mar 27, 2026
• CVE-2026-27650OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products.9.8Mar 27, 2026
• CVE-2026-29516Buffalo TeraStation TS5400R Excessive File Permissions Information Disclosure4.9Mar 16, 2026
• CVE-2024-26023OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands.4.2Apr 15, 2024
• CVE-2024-23486Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configur...9.8Apr 15, 2024
• CVE-2023-49038Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto the NAS as root.7.2Jan 29, 2024
• CVE-2023-51073An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh.8.1Jan 11, 2024
• CVE-2023-51363VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unauthenticated attacker who can access the product's web management page to obtain sensitive information.6.5Dec 26, 2023