Published: 2025/10/15 Last Updated: 2025/10/15
JVNVU#96471278
Buffalo Wi-Fi router WXR9300BE6P series vulnerable to path traversal
Overview
The Wi-Fi router WXR9300BE6P series provided by BUFFALO INC. contains a path traversal vulnerability.
Products Affected
- WXR9300BE6P series firmware versions prior to Ver.1.10
Description
The Wi-Fi router WXR9300BE6P series provided by BUFFALO INC. contains the following vulnerability.
- Path traversal (CWE-22)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 8.6
- CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score 7.2
- CVE-2025-61941
Impact
Arbitrary files may be altered by an administrative user who logs in to the affected product.
Moreover, arbitrary OS commands may be executed through certain file alterations.
Solution
Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
Vendor Status
Vendor | Status | Last Update | Vendor Notes |
---|---|---|---|
BUFFALO INC. | Vulnerable | 2025/10/15 | BUFFALO INC. website |
Credit
Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
Other Information
CVE | CVE-2025-61941 |