Filtered by vendor Buffalo
Subscribe
Total
61 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-45776 | 1 Buffalo | 1 Open Xdmod | 2026-06-10 | N/A | 4.3 MEDIUM |
| OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows an attacker to submit a crafted HTTPS POST request that sets a session variable used for authorization decisions. If an installation of Open XDMoD includes the optional Job Performance (SUPReMM) module, an attacker could bypass intended data access restrictions and view other users' compute job efficiency metrics. All deployments of Open XDMoD prior to version 11.0.3 that contain the optional Job Performance (SUPReMM) module are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually. | |||||
| CVE-2026-45777 | 1 Buffalo | 1 Open Xdmod | 2026-06-10 | N/A | 9.8 CRITICAL |
| OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attacker to read or modify application data, alter system configuration, or disrupt service availability. All deployments of Open XDMoD versions 9.5.0 through 11.0.2 (inclusive) are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually. | |||||
| CVE-2026-45778 | 1 Buffalo | 1 Open Xdmod | 2026-06-10 | N/A | 5.4 MEDIUM |
| OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious JavaScript into their Open XDMoD user profile and abuse the password reset functionality to email a link to an HTML page, which when visited by the victim, reflects and executes the unsanitized payload in the victim's browser, potentially leading to credential capture and Open XDMoD account takeover. All deployments of Open XDMoD prior to 11.0.3 are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually. | |||||
| CVE-2026-45779 | 1 Buffalo | 1 Open Xdmod | 2026-06-10 | N/A | 9.8 CRITICAL |
| OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and can result in complete compromise of the underlying database. All deployments of Open XDMoD prior to 10.0.3 are impacted. This issue was discovered on 2023-08-03 and patched on 2023-08-04. At this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 10.0.3 on 2023-08-04. As a workaround, apply the patch manually. | |||||
| CVE-2018-16988 | 1 Buffalo | 1 Open Xdmod | 2026-06-08 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes. | |||||
| CVE-2017-2126 | 1 Buffalo | 4 Wapm-1166d, Wapm-1166d Firmware, Wapm-apg600h and 1 more | 2026-05-13 | 10.0 HIGH | 9.8 CRITICAL |
| WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors. | |||||
| CVE-2017-10897 | 1 Buffalo | 4 Bbr-4hg, Bbr-4hg Firmware, Bbr-4mg and 1 more | 2026-05-13 | 5.5 MEDIUM | 4.5 MEDIUM |
| Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to cause the device to become unresponsive via unspecified vectors. | |||||
| CVE-2017-10811 | 1 Buffalo | 2 Wcr-1166ds, Wcr-1166ds Firmware | 2026-05-13 | 7.7 HIGH | 6.8 MEDIUM |
| Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
| CVE-2017-2274 | 1 Buffalo | 4 Wmr-433, Wmr-433 Firmware, Wmr-433w and 1 more | 2026-05-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-2273 | 1 Buffalo | 4 Wmr-433, Wmr-433 Firmware, Wmr-433w and 1 more | 2026-05-13 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2017-10896 | 1 Buffalo | 4 Bbr-4hg, Bbr-4hg Firmware, Bbr-4mg and 1 more | 2026-05-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-4816 | 1 Buffalo | 68 Bhr-4grv, Bhr-4grv Firmware, Dwr-hp-g300nh and 65 more | 2026-05-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors. | |||||
| CVE-2016-4815 | 1 Buffalo | 12 Wzr-600dhp2, Wzr-600dhp2 Firmware, Wzr-600dhp3 and 9 more | 2026-05-06 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2026-27650 | 1 Buffalo | 92 Fs-m1266, Fs-m1266 Firmware, Fs-s1266 and 89 more | 2026-03-31 | N/A | 9.8 CRITICAL |
| OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products. | |||||
| CVE-2026-32669 | 1 Buffalo | 92 Fs-m1266, Fs-m1266 Firmware, Fs-s1266 and 89 more | 2026-03-31 | N/A | 9.8 CRITICAL |
| Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products. | |||||
| CVE-2026-32678 | 1 Buffalo | 92 Fs-m1266, Fs-m1266 Firmware, Fs-s1266 and 89 more | 2026-03-31 | N/A | 7.5 HIGH |
| Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication. | |||||
| CVE-2026-33280 | 1 Buffalo | 92 Fs-m1266, Fs-m1266 Firmware, Fs-s1266 and 89 more | 2026-03-31 | N/A | 9.8 CRITICAL |
| Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands. | |||||
| CVE-2026-33366 | 1 Buffalo | 92 Fs-m1266, Fs-m1266 Firmware, Fs-s1266 and 89 more | 2026-03-31 | N/A | 5.3 MEDIUM |
| Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication. | |||||
| CVE-2021-20090 | 1 Buffalo | 4 Wsr-2533dhp3-bk, Wsr-2533dhp3-bk Firmware, Wsr-2533dhpl2-bk and 1 more | 2025-11-03 | 7.5 HIGH | 9.8 CRITICAL |
| A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication. | |||||
| CVE-2024-26023 | 1 Buffalo | 14 Wcr-1166ds, Wcr-1166ds Firmware, Wsr-1166dhp and 11 more | 2025-06-30 | N/A | 4.2 MEDIUM |
| OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands. | |||||