Published: 2026/03/27  Last Updated: 2026/03/27

JVN#83788689
Multiple vulnerabilities in BUFFALO Wi-Fi routers

Overview

Wi-Fi router products provided by BUFFALO INC. contain multiple vulnerabilities.

Products Affected

  • Multiple BUFFALO Wi-Fi router products
For details on affected product names and versions, refer to the information provided by the developer.

Description

Wi-Fi router products provided by BUFFALO INC. contain multiple vulnerabilities listed below.

  • Dependency on vulnerable third-party component (CWE-1395)
    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Base Score 6.9
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score 5.3
    • This issue is caused by a vulnerability in mini_httpd (CVE-2015-1548).
  • OS command injection (CWE-78)
    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.6
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 8.8
    • CVE-2026-27650
  • Code injection (CWE-94)
    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.7
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base Score 8.8
    • CVE-2026-32669
  • Authentication bypass using an alternate path or channel (CWE-288)
    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N Base Score 8.7
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Base Score 7.5
    • CVE-2026-32678
  • Hidden functionality (CWE-912)
    • CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.6
    • CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
    • CVE-2026-33280
  • Missing authentication for critical function (CWE-306)
    • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Base Score 6.9
    • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Base Score 5.3
    • CVE-2026-33366

Impact

  • Sensitive information may be accessed from process memory (CVE-2015-1548)
  • An arbitrary OS command may be executed on the products (CVE-2026-27650)
  • Arbitrary code may be executed on the products (CVE-2026-32669)
  • An attacker may be able to alter critical configuration settings without authentication (CVE-2026-32678)
  • An attacker may gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands (CVE-2026-33280)
  • An attacker may be able to forcibly reboot the product without authentication (CVE-2026-33366)

Solution

Update the firmware
Update the firmware according to the information provided by the developer.

Vendor Status

Vendor         Status       Last Update   Vendor Notes
BUFFALO INC.   Vulnerable   2026/03/27    BUFFALO INC. website

Credit

CVE-2015-1548
Justus W. Perlwitz of JWP Consulting reported this vulnerability to BUFFALO INC. and coordinated with the developer.
After the coordination was completed, BUFFALO INC. reported the case to JPCERT/CC to notify users of the solution through JVN.

CVE-2026-27650
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

CVE-2026-32669
Koji Ando and KIRISHIKI Yudai of National Institute of Information and Communications Technology reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

CVE-2026-32678, CVE-2026-33280, CVE-2026-33366
Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.

Other Information

CVE: CVE-2026-27650, CVE-2026-32669, CVE-2026-32678, CVE-2026-33280, CVE-2026-33366
JVN iPedia: JVNDB-2026-000046