Description
Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands.
Published: 2026-03-27
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary OS command execution
Action: Immediate Patch
AI Analysis

Impact

A hidden debugging feature in a range of Buffalo Wi‑Fi routers allows an attacker to invoke arbitrary operating‑system commands, giving the attacker direct control over the device’s firmware and software environment. The vulnerability is associated with insufficient access controls for the debug interface and is reflected by CWE‑912. Exploitation results in the ability to run any command the router’s underlying operating system permits, potentially compromising device integrity and availability.

Affected Systems

The flaw affects many Buffalo products, including the FS‑M1266, FS‑S1266, VR‑U300W, VR‑U500X, and various models in the WAPM, WAPS, WCR, WEM, WRM, WSR, WTR, WXR, and WZR families. No specific firmware release numbers are identified, so all current firmware versions may be vulnerable until a vendor update is released.

Risk and Exploitability

The CVSS v4.0 score of 8.6 places this issue in the high‑severity range, indicating a serious threat. The vectors recorded in the History section differ on required privileges: the CVSS v4.0 (8.6) and v3.0 (7.2) vectors specify PR:H, while the CVSS v3.1 vector (9.8) specifies PR:N. EPSS scoring shows less than 1% probability of immediate exploitation, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote access to the router’s management or diagnostic interface, which a malicious actor could use to trigger the hidden debugging functions.

Generated by OpenCVE AI on April 1, 2026 at 03:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Buffalo’s official support site for a firmware update that removes or disables the hidden debugging functionality and install the latest version as soon as it becomes available.
  • If an update is not available, review the router’s configuration options to disable the debug interface or restrict its use to the local network only.
  • Limit management access to the router to trusted networks or VPN connections to reduce exposure to an attacker who may try to reach the debug interface remotely.
  • Monitor the device’s system logs for attempts to access debug features or execute unexpected commands, and investigate any such incidents promptly.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Title Debug Functionality Exploitation Leading to Arbitrary OS Command Execution in Buffalo Wi‑Fi Routers

Tue, 31 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Buffalo fs-m1266
Buffalo fs-m1266 Firmware
Buffalo fs-s1266
Buffalo fs-s1266 Firmware
Buffalo vr-u300w
Buffalo vr-u300w Firmware
Buffalo vr-u500x
Buffalo vr-u500x Firmware
Buffalo wapm-1266r
Buffalo wapm-1266r Firmware
Buffalo wapm-1266wdpr
Buffalo wapm-1266wdpr Firmware
Buffalo wapm-1266wdpra
Buffalo wapm-1266wdpra Firmware
Buffalo wapm-1750d
Buffalo wapm-1750d Firmware
Buffalo wapm-2133r
Buffalo wapm-2133r Firmware
Buffalo wapm-2133tr
Buffalo wapm-2133tr Firmware
Buffalo wapm-ax4r
Buffalo wapm-ax4r Firmware
Buffalo wapm-ax8r
Buffalo wapm-ax8r Firmware
Buffalo wapm-axetr
Buffalo wapm-axetr Firmware
Buffalo waps-1266
Buffalo waps-1266 Firmware
Buffalo waps-ax4
Buffalo waps-ax4 Firmware
Buffalo wcr-1166dhpl
Buffalo wcr-1166dhpl Firmware
Buffalo wem-1266
Buffalo wem-1266 Firmware
Buffalo wem-1266wp
Buffalo wem-1266wp Firmware
Buffalo wrm-d2133hp
Buffalo wrm-d2133hp Firmware
Buffalo wrm-d2133hs
Buffalo wrm-d2133hs Firmware
Buffalo wsr3600be4-kh
Buffalo wsr3600be4-kh Firmware
Buffalo wsr3600be4p
Buffalo wsr3600be4p Firmware
Buffalo wtr-m2133hp
Buffalo wtr-m2133hp Firmware
Buffalo wtr-m2133hs
Buffalo wtr-m2133hs Firmware
Buffalo wxr-1750dhp
Buffalo wxr-1750dhp2
Buffalo wxr-1750dhp2 Firmware
Buffalo wxr-1750dhp Firmware
Buffalo wxr-1900dhp
Buffalo wxr-1900dhp2
Buffalo wxr-1900dhp2 Firmware
Buffalo wxr-1900dhp3
Buffalo wxr-1900dhp3 Firmware
Buffalo wxr-1900dhp Firmware
Buffalo wxr-5950ax12
Buffalo wxr-5950ax12 Firmware
Buffalo wxr-6000ax12b
Buffalo wxr-6000ax12b Firmware
Buffalo wxr-6000ax12p
Buffalo wxr-6000ax12p Firmware
Buffalo wxr-6000ax12s
Buffalo wxr-6000ax12s Firmware
Buffalo wxr18000be10p
Buffalo wxr18000be10p Firmware
Buffalo wzr-1166dhp
Buffalo wzr-1166dhp2
Buffalo wzr-1166dhp2 Firmware
Buffalo wzr-1166dhp Firmware
Buffalo wzr-1750dhp
Buffalo wzr-1750dhp2
Buffalo wzr-1750dhp2 Firmware
Buffalo wzr-1750dhp Firmware
Buffalo wzr-600dhp
Buffalo wzr-600dhp2
Buffalo wzr-600dhp2 Firmware
Buffalo wzr-600dhp3
Buffalo wzr-600dhp3 Firmware
Buffalo wzr-600dhp Firmware
Buffalo wzr-900dhp
Buffalo wzr-900dhp2
Buffalo wzr-900dhp2 Firmware
Buffalo wzr-900dhp Firmware
Buffalo wzr-s1750dhp
Buffalo wzr-s1750dhp Firmware
Buffalo wzr-s600dhp
Buffalo wzr-s600dhp Firmware
Buffalo wzr-s900dhp
Buffalo wzr-s900dhp Firmware
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Mon, 30 Mar 2026 07:15:00 +0000

Type Values Removed Values Added
First Time appeared Buffalo
Buffalo wi-fi Router Products
Vendors & Products Buffalo
Buffalo wi-fi Router Products

Fri, 27 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 27 Mar 2026 09:30:00 +0000

Type Values Removed Values Added
Title Debug Functionality Exploitation Leading to Arbitrary OS Command Execution in Buffalo Wi‑Fi Routers

Fri, 27 Mar 2026 06:00:00 +0000

Type Values Removed Values Added
Description Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands.
Weaknesses CWE-912
References
Metrics cvssV3_0

{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-03-27T19:54:05.856Z

Reserved: 2026-03-25T06:25:26.636Z

Link: CVE-2026-33280

Vulnrichment

Updated: 2026-03-27T19:54:01.763Z

NVD

Status: Analyzed

Published: 2026-03-27T06:16:38.837

Modified: 2026-03-31T19:03:40.647

Link: CVE-2026-33280

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T07:55:42Z

Weaknesses