← Back

Buffalo

buffalo

56 CVEs • 361 products

Products (361)

Click to collapse
Toggle
Wzr 600dhp Firmware
wzr-600dhp_firmware
11 CVEs
Wzr 900dhp Firmware
wzr-900dhp_firmware
10 CVEs
Wzr 1750dhp2 Firmware
wzr-1750dhp2_firmware
10 CVEs
Wzr 600dhp2 Firmware
wzr-600dhp2_firmware
9 CVEs
Wxr 1900dhp2 Firmware
wxr-1900dhp2_firmware
9 CVEs
Wzr 900dhp2 Firmware
wzr-900dhp2_firmware
8 CVEs
Wzr 600dhp3 Firmware
wzr-600dhp3_firmware
8 CVEs
Wzr S900dhp Firmware
wzr-s900dhp_firmware
8 CVEs
Wzr S600dhp Firmware
wzr-s600dhp_firmware
8 CVEs
Wxr 1750dhp Firmware
wxr-1750dhp_firmware
7 CVEs
Wzr 1750dhp Firmware
wzr-1750dhp_firmware
7 CVEs
Wzr S1750dhp Firmware
wzr-s1750dhp_firmware
7 CVEs
Wzr 1166dhp2 Firmware
wzr-1166dhp2_firmware
7 CVEs
Wxr 1900dhp Firmware
wxr-1900dhp_firmware
7 CVEs
Wzr 1166dhp Firmware
wzr-1166dhp_firmware
7 CVEs
Ts5600d1206 Firmware
ts5600d1206_firmware
7 CVEs
Hw 450hp Zwe Firmware
hw-450hp-zwe_firmware
6 CVEs
Wzr 450hp Firmware
wzr-450hp_firmware
6 CVEs
Wzr 450hp Cwt Firmware
wzr-450hp-cwt_firmware
6 CVEs
Wzr D1100h Firmware
wzr-d1100h_firmware
6 CVEs
Wzr 300hp Firmware
wzr-300hp_firmware
6 CVEs
Wzr 450hp Ub Firmware
wzr-450hp-ub_firmware
6 CVEs
Wrm D2133hp Firmware
wrm-d2133hp_firmware
6 CVEs
Wrm D2133hs Firmware
wrm-d2133hs_firmware
6 CVEs
Wtr M2133hp Firmware
wtr-m2133hp_firmware
6 CVEs
Wtr M2133hs Firmware
wtr-m2133hs_firmware
6 CVEs
Wxr 1900dhp3 Firmware
wxr-1900dhp3_firmware
6 CVEs
Wxr 5950ax12 Firmware
wxr-5950ax12_firmware
6 CVEs
Wxr 6000ax12b Firmware
wxr-6000ax12b_firmware
6 CVEs
Wxr 6000ax12s Firmware
wxr-6000ax12s_firmware
6 CVEs
Wem 1266 Firmware
wem-1266_firmware
6 CVEs
Wem 1266wp Firmware
wem-1266wp_firmware
6 CVEs
Wxr 1750dhp2 Firmware
wxr-1750dhp2_firmware
6 CVEs
Wzr Hp G450h Firmware
wzr-hp-g450h_firmware
5 CVEs
Wzr Hp G301nh Firmware
wzr-hp-g301nh_firmware
5 CVEs
Whr 300 Firmware
whr-300_firmware
5 CVEs
Wzr Hp G302h Firmware
wzr-hp-g302h_firmware
5 CVEs
Wzr Hp Ag300h Firmware
wzr-hp-ag300h_firmware
5 CVEs
Wpl 05g300 Firmware
wpl-05g300_firmware
5 CVEs
Dwr Hp G300nh Firmware
dwr-hp-g300nh_firmware
5 CVEs
Whr 300hp Firmware
whr-300hp_firmware
5 CVEs
Whr Hp G300n Firmware
whr-hp-g300n_firmware
5 CVEs
Bhr 4grv Firmware
bhr-4grv_firmware
5 CVEs
Wzr Hp G300nh Firmware
wzr-hp-g300nh_firmware
5 CVEs
Fs 600dhp Firmware
fs-600dhp_firmware
5 CVEs
Wsr 2533dhp2 Firmware
wsr-2533dhp2_firmware
5 CVEs
Wsr A2533dhp2 Firmware
wsr-a2533dhp2_firmware
5 CVEs
Wcr 1166dhpl Firmware
wcr-1166dhpl_firmware
5 CVEs
Wsr3600be4 Kh Firmware
wsr3600be4-kh_firmware
5 CVEs
Wsr3600be4p Firmware
wsr3600be4p_firmware
5 CVEs
Wxr18000be10p Firmware
wxr18000be10p_firmware
5 CVEs
Wxr 6000ax12p Firmware
wxr-6000ax12p_firmware
5 CVEs
Vr U300w Firmware
vr-u300w_firmware
5 CVEs
Vr U500x Firmware
vr-u500x_firmware
5 CVEs
Wapm 1266r Firmware
wapm-1266r_firmware
5 CVEs
Wapm 1266wdpr Firmware
wapm-1266wdpr_firmware
5 CVEs
Wapm 1266wdpra Firmware
wapm-1266wdpra_firmware
5 CVEs
Wapm 1750d Firmware
wapm-1750d_firmware
5 CVEs
Wapm 2133r Firmware
wapm-2133r_firmware
5 CVEs
Wapm 2133tr Firmware
wapm-2133tr_firmware
5 CVEs
Wapm Ax4r Firmware
wapm-ax4r_firmware
5 CVEs
Wapm Ax8r Firmware
wapm-ax8r_firmware
5 CVEs
Wapm Axetr Firmware
wapm-axetr_firmware
5 CVEs
Waps 1266 Firmware
waps-1266_firmware
5 CVEs
Waps Ax4 Firmware
waps-ax4_firmware
5 CVEs
Fs M1266 Firmware
fs-m1266_firmware
5 CVEs
Fs S1266 Firmware
fs-s1266_firmware
5 CVEs
Wcr 1166ds Firmware
wcr-1166ds_firmware
4 CVEs
Whr G301n Firmware
whr-g301n_firmware
4 CVEs
Whr Hp Gn Firmware
whr-hp-gn_firmware
4 CVEs
Fs Hp G300n Firmware
fs-hp-g300n_firmware
4 CVEs
Fs R600dhp Firmware
fs-r600dhp_firmware
4 CVEs
Fs G300n Firmware
fs-g300n_firmware
4 CVEs
Wsr 2533dhp Firmware
wsr-2533dhp_firmware
4 CVEs
Wsr 2533dhpl Firmware
wsr-2533dhpl_firmware
4 CVEs
Vr S1000 Firmware
vr-s1000_firmware
4 CVEs
Wcr 300 Firmware
wcr-300_firmware
3 CVEs
Wsr 2533dhpl2 Bk Firmware
wsr-2533dhpl2-bk_firmware
3 CVEs
Wsr 2533dhp3 Bk Firmware
wsr-2533dhp3-bk_firmware
3 CVEs
Wsr 3200ax4s Firmware
wsr-3200ax4s_firmware
3 CVEs
Wsr 3200ax4b Firmware
wsr-3200ax4b_firmware
3 CVEs
Wsr 2533dhp3 Firmware
wsr-2533dhp3_firmware
3 CVEs
Wsr A2533dhp3 Firmware
wsr-a2533dhp3_firmware
3 CVEs
Wsr 2533dhpl2 Firmware
wsr-2533dhpl2_firmware
3 CVEs
Wsr 2533dhpls Firmware
wsr-2533dhpls_firmware
3 CVEs
Bs Gs2008 Firmware
bs-gs2008_firmware
3 CVEs
Bs Gs2016 Firmware
bs-gs2016_firmware
3 CVEs
Bs Gs2024 Firmware
bs-gs2024_firmware
3 CVEs
Bs Gs2048 Firmware
bs-gs2048_firmware
3 CVEs
Bs Gs2008p Firmware
bs-gs2008p_firmware
3 CVEs
Bs Gs2016p Firmware
bs-gs2016p_firmware
3 CVEs
Bs Gs2024p Firmware
bs-gs2024p_firmware
3 CVEs
Wmr 433 Firmware
wmr-433_firmware
2 CVEs
Wmr 433w Firmware
wmr-433w_firmware
2 CVEs
Bbr 4mg Firmware
bbr-4mg_firmware
2 CVEs
Bbr 4hg Firmware
bbr-4hg_firmware
2 CVEs
Open Xdmod
open_xdmod
2 CVEs
Airstation Whr G54s Firmware
airstation_whr-g54s_firmware
2 CVEs
Wsr 1166dhp4 Firmware
wsr-1166dhp4_firmware
2 CVEs
Wsr 1166dhp3 Firmware
wsr-1166dhp3_firmware
2 CVEs

CVEs (56)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-33366
1Buffalo
46Fs M1266 Firmware
Fs S1266 FirmwareVr U300w Firmware+43 more
Mar 31, 2026
Mar 27, 2026
6.9 MEDIUM· v4
5.3 MEDIUM· v3
N/A· v2
Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication.
CVE-2026-33280
1Buffalo
46Fs M1266 Firmware
Fs S1266 FirmwareVr U300w Firmware+43 more
Mar 31, 2026
Mar 27, 2026
8.6 HIGH· v4
9.8 CRITICAL· v3
N/A· v2
Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands.
CVE-2026-32678
1Buffalo
46Fs M1266 Firmware
Fs S1266 FirmwareVr U300w Firmware+43 more
Mar 31, 2026
Mar 27, 2026
8.7 HIGH· v4
7.5 HIGH· v3
N/A· v2
Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication.
CVE-2026-32669
1Buffalo
46Fs M1266 Firmware
Fs S1266 FirmwareVr U300w Firmware+43 more
Mar 31, 2026
Mar 27, 2026
8.7 HIGH· v4
9.8 CRITICAL· v3
N/A· v2
Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products.
CVE-2026-27650
1Buffalo
46Fs M1266 Firmware
Fs S1266 FirmwareVr U300w Firmware+43 more
Mar 31, 2026
Mar 27, 2026
8.6 HIGH· v4
9.8 CRITICAL· v3
N/A· v2
OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products.
CVE-2024-26023
1Buffalo
7Wcr 1166ds Firmware
Wsr 1166dhp2 FirmwareWsr 1166dhp Firmware+4 more
Jun 30, 2025
Apr 15, 2024
N/A· v4
4.2 MEDIUM· v3
N/A· v2
OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands.
CVE-2024-23486
1Buffalo
4Wsr 2533dhp2 Firmware
Wsr 2533dhp FirmwareWsr 2533dhpl Firmware+1 more
Jun 30, 2025
Apr 15, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials.
CVE-2023-49038
1Buffalo
1Ls210d Firmware
Jun 2, 2025
Jan 29, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto the NAS as root.
CVE-2023-51073
1Buffalo
1Ls210d Firmware
Jun 6, 2025
Jan 11, 2024
N/A· v4
8.1 HIGH· v3
N/A· v2
An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh.
CVE-2023-51363
1Buffalo
1Vr S1000 Firmware
Nov 21, 2024
Dec 26, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unauthenticated attacker who can access the product's web management page to obtain sensitive information.
CVE-2023-46711
1Buffalo
1Vr S1000 Firmware
Nov 21, 2024
Dec 26, 2023
N/A· v4
4.6 MEDIUM· v3
N/A· v2
VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user.
CVE-2023-46681
1Buffalo
1Vr S1000 Firmware
Nov 21, 2024
Dec 26, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in VR-S1000 firmware Ver. 2.37 and earlier allows an authenticated attacker who can access to the product's command line in...Show more
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in VR-S1000 firmware Ver. 2.37 and earlier allows an authenticated attacker who can access to the product's command line interface to execute an arbitrary command.Show less
CVE-2023-45741
1Buffalo
1Vr S1000 Firmware
Nov 21, 2024
Dec 26, 2023
N/A· v4
6.8 MEDIUM· v3
N/A· v2
VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands.
CVE-2023-39620
1Buffalo
1Terastation Nas 5410r Firmware
Nov 21, 2024
Sep 8, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function.
CVE-2023-26588
1Buffalo
16Bs Gs2008 Firmware
Bs Gs2008p FirmwareBs Gs2016 Firmware+13 more
Feb 11, 2025
Apr 11, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03...Show more
Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlierShow less
CVE-2023-24544
1Buffalo
12Bs Gs2008 Firmware
Bs Gs2008p FirmwareBs Gs2016 Firmware+9 more
Feb 11, 2025
Apr 11, 2023
N/A· v4
8.1 HIGH· v3
N/A· v2
Improper access control vulnerability in Buffalo network devices allows a network-adjacent attacker to obtain specific files of the product. As a result, the product settings may be altered. The affected products and ver...Show more
Improper access control vulnerability in Buffalo network devices allows a network-adjacent attacker to obtain specific files of the product. As a result, the product settings may be altered. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlierShow less
CVE-2023-24464
1Buffalo
7Bs Gs2008 Firmware
Bs Gs2008p FirmwareBs Gs2016 Firmware+4 more
Feb 11, 2025
Apr 11, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The aff...Show more
Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlierShow less
CVE-2022-43486
1Buffalo
13Wcr 1166ds Firmware
Wex 1800ax4 FirmwareWex 1800ax4ea Firmware+10 more
Apr 17, 2025
Dec 19, 2022
N/A· v4
6.8 MEDIUM· v3
N/A· v2
Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devic...Show more
Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices.Show less
CVE-2022-43466
1Buffalo
10Wex 1800ax4 Firmware
Wex 1800ax4ea FirmwareWsr 2533dhp2 Firmware+7 more
Apr 17, 2025
Dec 19, 2022
N/A· v4
6.8 MEDIUM· v3
N/A· v2
OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CG...Show more
OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.Show less
CVE-2022-43443
1Buffalo
11Wcr 1166ds Firmware
Wsr 2533dhp2 FirmwareWsr 2533dhp3 Firmware+8 more
Apr 17, 2025
Dec 19, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page.