Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
1 vulnerability found for Multiple BUFFALO Wi-Fi router products by BUFFALO INC.
JVNDB-2026-000046
Vulnerability from jvndb - Published: 2026-03-27 17:18 - Updated:2026-03-27 17:18
Severity ?
Summary
Multiple vulnerabilities in BUFFALO Wi-Fi routers
Details
Wi-Fi router products provided by BUFFALO INC. contain multiple vulnerabilities listed below.
- Dependency on vulnerable third-party component (CWE-1395) - This issue is caused by a vulnerability in mini_httpd (CVE-2015-1548).
- OS command injection (CWE-78) - CVE-2026-27650
- Code injection (CWE-94) - CVE-2026-32669
- Authentication bypass using an alternate path or channel (CWE-288) - CVE-2026-32678
- Hidden functionality (CWE-912) - CVE-2026-33280
- Missing authentication for critical function (CWE-306) - CVE-2026-33366
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000046.html",
"dc:date": "2026-03-27T17:18+09:00",
"dcterms:issued": "2026-03-27T17:18+09:00",
"dcterms:modified": "2026-03-27T17:18+09:00",
"description": "Wi-Fi router products provided by BUFFALO INC. contain multiple vulnerabilities listed below.\u003ca href=\u0027https://cwe.mitre.org/data/definitions/1395.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/78.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/94.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/288.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027http://cwe.mitre.org/data/definitions/912.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003ca href=\u0027https://cwe.mitre.org/data/definitions/306.html\u0027 target=\u0027_blank\u0027\u003e\u003c/a\u003e\u003cul\u003e\u003cli\u003eDependency on vulnerable third-party component (CWE-1395) - This issue is caused by a vulnerability in mini_httpd (CVE-2015-1548).\u003c/li\u003e\u003cli\u003eOS command injection (CWE-78) - CVE-2026-27650\u003c/li\u003e\u003cli\u003eCode injection (CWE-94) - CVE-2026-32669\u003c/li\u003e\u003cli\u003eAuthentication bypass using an alternate path or channel (CWE-288) - CVE-2026-32678\u003c/li\u003e\u003cli\u003eHidden functionality (CWE-912) - CVE-2026-33280\u003c/li\u003e\u003cli\u003eMissing authentication for critical function (CWE-306) - CVE-2026-33366\u003c/li\u003e\u003c/ul\u003eCVE-2015-1548\r\nJustus W. Perlwitz of JWP Consulting reported this vulnerability to BUFFALO INC. and coordinated.\r\nAfter the coordination was completed, BUFFALO INC. reported the case to JPCERT/CC to notify users of the solution through JVN.\r\n\r\nCVE-2026-27650\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2026-32669\r\nKoji Ando and KIRISHIKI Yudai of National Institute of Information and Communications Technology reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2026-32678, CVE-2026-33280, CVE-2026-33366\r\nChuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-000046.html",
"sec:cpe": {
"#text": "cpe:/o:buffalo_inc:buffalo_wi-fi_router",
"@product": "Multiple BUFFALO Wi-Fi router products",
"@vendor": "BUFFALO INC.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2026-000046",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN83788689/index.html",
"@id": "JVN#83788689",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-27650",
"@id": "CVE-2026-27650",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-32669",
"@id": "CVE-2026-32669",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-32678",
"@id": "CVE-2026-32678",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-33280",
"@id": "CVE-2026-33280",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2026-33366",
"@id": "CVE-2026-33366",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Multiple vulnerabilities in BUFFALO Wi-Fi routers"
}