FKIE_CVE-2026-33280
Vulnerability from fkie_nvd - Published: 2026-03-27 06:16 - Updated: 2026-03-31 19:03
Severity ?
Summary
Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands.
References
| URL | Tags | ||
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN83788689/ | Third Party Advisory | |
| vultures@jpcert.or.jp | https://www.buffalo.jp/news/detail/20260323-01.html | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wcr-1166dhpl_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70DE69B3-85D4-4FEF-AC34-3ED1BCA72455",
"versionEndExcluding": "1.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wcr-1166dhpl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52B41DFC-E60C-4BFF-8AB2-C6FB67194F98",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wsr3600be4-kh_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57CD1A07-ADEB-43C6-BBD6-50F5CA3A1AAF",
"versionEndExcluding": "6.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wsr3600be4-kh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3EE1F5-07F2-428D-B5EB-071657EBCA96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wsr3600be4p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6610DCC-EAEC-4464-880A-F19D7D823FEA",
"versionEndExcluding": "5.02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wsr3600be4p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD39E5F5-860E-4532-8E83-A6E36B30510E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wxr-1750dhp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DED9D3D6-D64E-4E23-ACAF-02183CC8C619",
"versionEndExcluding": "2.63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wxr-1750dhp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22CD8F33-A455-4E4B-9351-CBBDA511E9D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wxr-1750dhp2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0530F376-C6FB-40CB-8F2B-C669EF97485F",
"versionEndExcluding": "2.63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wxr-1750dhp2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7114614E-63C7-43DF-B778-CCDC4B753CA7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wxr18000be10p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C778B15C-D7A4-4671-8BE7-A46F0F2A010D",
"versionEndExcluding": "5.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wxr18000be10p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "873F681B-D7E9-47C3-BD50-FFBA545BF19D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wxr-1900dhp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3833629-E892-4522-A641-930FE1DF04FD",
"versionEndExcluding": "2.53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wxr-1900dhp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F2F4145-1A55-41CE-9358-0192B69CA8E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wxr-1900dhp2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47EA0EBF-EB1F-450B-8E44-E61768A647E1",
"versionEndExcluding": "2.62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wxr-1900dhp2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "519FDA6D-520A-4FF9-A1FC-3144CB24B7D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wxr-1900dhp3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "060538D8-4D22-4BDB-8032-5C8388637508",
"versionEndExcluding": "2.66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wxr-1900dhp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E5F5D9D-27F8-463E-B2B8-F4E77FAC648B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wxr-5950ax12_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3619D0E7-E58D-4920-A1A4-8BD83534F6D5",
"versionEndExcluding": "3.57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wxr-5950ax12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703CB818-F27B-4981-A8F3-D5DD400767A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wxr-6000ax12b_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6107C437-069C-4090-958D-D4FA5F78C349",
"versionEndExcluding": "3.57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wxr-6000ax12b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94539115-283E-4C54-A51F-D519F48B2FB2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wxr-6000ax12p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8706D545-7D8A-41FF-91FF-2C82554068F9",
"versionEndExcluding": "3.57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wxr-6000ax12p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7BA869-029D-406B-B663-ADA58B94C8A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wxr-6000ax12s_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5250BC1-81E7-48C5-9363-AC3A55A02CE6",
"versionEndExcluding": "3.57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wxr-6000ax12s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F718396-BB2C-4DA2-823B-178EC0F9101C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wzr-1166dhp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58B5B299-15EE-4ADB-ABD9-ADAF4E432006",
"versionEndExcluding": "2.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wzr-1166dhp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98CE6294-43B2-4043-98A5-BCCAF17214C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wzr-1166dhp2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2E92E3E-315E-4482-B404-29E460BB220D",
"versionEndExcluding": "2.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wzr-1166dhp2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "740500B4-8CEC-4044-8FE7-194FD0894534",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wzr-1750dhp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C72B17A-BBD3-430E-914D-D2E77254F969",
"versionEndExcluding": "2.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wzr-1750dhp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55459AEE-CE6D-4A4B-9B59-572EDFD51984",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wzr-1750dhp2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DC3840D-47FD-4C70-B4CF-0B00B42799D7",
"versionEndExcluding": "2.33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wzr-1750dhp2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBFF4B91-1173-4346-A1ED-60B37F7B44DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wzr-s1750dhp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D174F69-BC6E-435A-8A7C-CA33DD829A1D",
"versionEndExcluding": "2.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wzr-s1750dhp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2F15AE-7A2C-46C0-8961-10180279FEB5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wrm-d2133hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06640D46-FE11-491A-83B5-5C4113823DED",
"versionEndExcluding": "3.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wrm-d2133hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7230C72-57D3-4C1C-8DCD-121926C018AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wrm-d2133hs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "259E1929-93EB-41B8-8C13-862300230FBA",
"versionEndExcluding": "3.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wrm-d2133hs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "346D031C-A92D-4D59-A15B-994A2D69BD8C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wtr-m2133hp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E4C5694-04B1-47A2-BEAD-40BE6D43279E",
"versionEndExcluding": "3.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wtr-m2133hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57A0A9C4-964B-4170-9CA5-2FAB65BE6E2B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wtr-m2133hs_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51BDED0A-BC25-43FD-AE54-451F5EF29BAB",
"versionEndExcluding": "3.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wtr-m2133hs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5ADB3632-6A5D-420A-8FB8-FAA6BB8A50F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wem-1266_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D7EDE52-D795-4C10-A8F1-ADCB31A0A359",
"versionEndExcluding": "2.87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wem-1266:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F40FA714-2CD3-40B6-8F19-F0DE25320AF9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wem-1266wp_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1E67DFA-16D9-41B9-8686-F2319174248E",
"versionEndExcluding": "2.87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wem-1266wp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4988258A-FDA2-4402-A917-A9741D32FD79",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:vr-u300w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF9890A3-663A-4992-AB25-EB479C3212D0",
"versionEndExcluding": "1.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:vr-u300w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FD4231B-5E7C-429E-9E0C-8CD3C6640FD6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:vr-u500x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34DA3705-4BEB-40F9-95F6-9BFEB6CDB641",
"versionEndExcluding": "1.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:vr-u500x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37A81286-64F0-4748-8BC4-57E0737FB7F7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wapm-1266r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "381BE4D5-F1DE-4E99-974E-AABD2BF0EAF1",
"versionEndExcluding": "1.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wapm-1266r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BC85B49-6F64-4514-9466-E896D92FB33E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wapm-1266wdpr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8A917E9-5D21-43C2-B005-9708D2D9BF66",
"versionEndExcluding": "1.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wapm-1266wdpr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A04A468D-CD3A-47EF-96A4-E653A1CF2AB0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wapm-1266wdpra_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "848F228C-0DB2-4683-9FAD-C2A3983E0161",
"versionEndExcluding": "1.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wapm-1266wdpra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7195B49B-00B5-4F43-A1A5-038B155667BA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wapm-1750d_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A9BB1BB-E3BD-4C17-A7EF-9A7941A84976",
"versionEndExcluding": "1.07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wapm-1750d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47AD091A-8AC5-49B4-AD77-8B325C5A47DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wapm-2133r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "565EA741-24AC-4D03-9CCE-E2DC310A9CC7",
"versionEndExcluding": "1.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wapm-2133r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BA15CF1-F1A5-491B-8BA3-450D0205FB03",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wapm-2133tr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89FD7298-F6B5-4CF5-9CD2-482E4DF648AB",
"versionEndExcluding": "1.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wapm-2133tr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75EB5E4D-45BC-4805-8B96-7386F38ACED3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wapm-ax4r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01CA1028-7357-4C17-98E3-228155EB02BA",
"versionEndExcluding": "1.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wapm-ax4r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06093D67-369A-4A85-8669-699E526EDE5C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wapm-ax8r_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0E48ED-DD3F-428E-8F92-3D2C360E9CB1",
"versionEndExcluding": "1.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wapm-ax8r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7FAC875-FA4E-4F5C-BB45-1850A472B188",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wapm-axetr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE54C16D-A1BB-4545-91C2-0E1C51CCE05A",
"versionEndExcluding": "1.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wapm-axetr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "801BACC4-D599-4FF8-9E69-CF78EEA9DAF4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:waps-1266_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76BB0D3E-6F8B-420D-8ACC-26BAED31E1B7",
"versionEndExcluding": "1.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:waps-1266:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C43BE0-B5D9-42F3-850F-E613C25F512F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:waps-ax4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7887E1FC-51A6-4BB6-A778-D8AD0FB4E2E4",
"versionEndExcluding": "1.42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:waps-ax4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "971A3821-760E-4B4E-AB8D-57EF1BCC743D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:fs-m1266_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51510CF5-ACDB-4111-8427-B6C4A168025F",
"versionEndExcluding": "4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:fs-m1266:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43994150-6056-4560-89F3-9D9B4B5BEF7C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:fs-s1266_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94EFF27A-665B-406E-AC0D-43FD4CE35F5C",
"versionEndExcluding": "4.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:fs-s1266:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC69059-F0B0-4480-B882-D23847CC0D39",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wzr-600dhp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0090140-CA70-4747-A5E9-A9AF00FC8AE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wzr-600dhp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06AF9040-7F63-4E80-82DD-7448320BC940",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wzr-600dhp2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C78A3795-B001-403E-AECB-F2110B784B42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wzr-600dhp2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9271B665-2267-4C24-92FD-B1CBCB2F0F59",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wzr-600dhp3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "61C5E983-8161-4DDD-9122-C30D8E056AD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wzr-600dhp3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "303225E6-81C0-4A2F-81A3-51E508DDA0EE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wzr-900dhp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D219F2A-2A04-4305-A3AF-2DA61F760E0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wzr-900dhp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8BD47F3-29D0-4B34-A346-C0042FBD75ED",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wzr-900dhp2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E509B551-A2AB-4483-9111-EEB0433EE430",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wzr-900dhp2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "247B99DF-EE96-40C3-89FC-706DE878ABFE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wzr-s600dhp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "980BCDBD-BDF1-429A-A24B-51B4DE26D429",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wzr-s600dhp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75434B7A-2633-4981-B99D-33448883BC61",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:buffalo:wzr-s900dhp_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB08C247-2C08-4E90-9D26-D6FC878E7FDC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:buffalo:wzr-s900dhp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C186F6-8DE5-4C82-8403-D3BB76069FCE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product\u2019s debugging functionality, resulting in the execution of arbitrary OS commands."
}
],
"id": "CVE-2026-33280",
"lastModified": "2026-03-31T19:03:40.647",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "vultures@jpcert.or.jp",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "vultures@jpcert.or.jp",
"type": "Secondary"
}
]
},
"published": "2026-03-27T06:16:38.837",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/jp/JVN83788689/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "https://www.buffalo.jp/news/detail/20260323-01.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-912"
}
],
"source": "vultures@jpcert.or.jp",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…