buffalo inc.

Top products

The 15 most recently published vulnerabilities affecting buffalo inc..

• CVE-2026-33366Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication.5.3Mar 27, 2026
• CVE-2026-33280Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS...9.8Mar 27, 2026
• CVE-2026-32678Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication.7.5Mar 27, 2026
• CVE-2026-32669Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products.9.8Mar 27, 2026
• CVE-2026-27650OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products.9.8Mar 27, 2026
• CVE-2025-46413Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an atta...4.3Nov 7, 2025
• CVE-2025-61941A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary file may be altered by an administrative user who logs in to the affected product. Moreover, arbit...7.2Oct 15, 2025
• CVE-2025-61871NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitra...6.7Oct 10, 2025
• CVE-2024-44072OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected ...5.7Sep 10, 2024
• CVE-2024-26023OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands.4.2Apr 15, 2024
• CVE-2024-23486Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configur...9.8Apr 15, 2024
• CVE-2023-51363VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unauthenticated attacker who can access the product's web management page to obtain sensitive information.6.5Dec 26, 2023
• CVE-2023-46711VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user.4.6Dec 26, 2023
• CVE-2023-46681Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in VR-S1000 firmware Ver. 2.37 and earlier allows an authenticated attacker who can access to the pr...7.8Dec 26, 2023
• CVE-2023-45741VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands.6.8Dec 26, 2023