Known Vulnerabilities for products from Buffalo
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Buffalo".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33366 | Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly... | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-33280 | Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product... | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-32678 | Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configurat... | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-32669 | Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code m... | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-27650 | OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary ... | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2021-20731 | WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary ... | 8.8 - HIGH | 2021-06-09 | 2021-06-16 |
| CVE-2021-20730 | Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prio... | 4.3 - MEDIUM | 2021-06-09 | 2022-06-28 |
| CVE-2021-20716 | Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and p... | 9.8 - CRITICAL | 2021-04-28 | 2021-05-07 |
| CVE-2021-20092 | The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properl... | 7.5 - HIGH | 2021-04-29 | 2022-07-12 |
| CVE-2021-20091 | The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properl... | 8.8 - HIGH | 2021-04-29 | 2021-05-05 |
| CVE-2021-20090 | A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmw... | 9.8 - CRITICAL | 2021-04-29 | 2023-10-18 |
| CVE-2021-3512 | Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmw... | 8.8 - HIGH | 2021-04-28 | 2022-07-12 |
| CVE-2021-3511 | Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver... | 4.3 - MEDIUM | 2021-04-28 | 2022-07-12 |
| CVE-2020-5606 | Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script v... | 6.1 - MEDIUM | 2020-09-18 | 2020-09-24 |
| CVE-2020-5605 | Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information su... | 4.3 - MEDIUM | 2020-09-18 | 2020-09-24 |
| CVE-2018-16961 | An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path traversal via the file p... | 7.5 - HIGH | 2019-05-02 | 2019-05-03 |
| CVE-2018-16960 | An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS via the xd_user_formal_name... | 6.1 - MEDIUM | 2019-05-02 | 2019-05-03 |
| CVE-2018-13324 | Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by send... | 9.8 - CRITICAL | 2018-11-26 | 2019-10-03 |
| CVE-2018-13323 | Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "... | 6.1 - MEDIUM | 2018-11-26 | 2018-12-26 |
| CVE-2018-13322 | Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory conten... | 6.5 - MEDIUM | 2018-11-26 | 2018-12-26 |
Known software with vulnerabilities from Buffalo
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Buffalo | Open Xdmod | 7.5.0 |