Shodan
Vulnerabilities
Vulnerable Software
Buffalo:  Security Vulnerabilities
CVE-2026-27650
OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products.
CVSS Score
8.6
EPSS Score
0.001
Published
2026-03-27
CVE-2026-32669
Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products.
CVSS Score
8.7
EPSS Score
0.0
Published
2026-03-27
CVE-2026-32678
Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication.
CVSS Score
8.7
EPSS Score
0.001
Published
2026-03-27
CVE-2026-33280
Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands.
CVSS Score
8.6
EPSS Score
0.001
Published
2026-03-27
CVE-2026-33366
Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication.
CVSS Score
6.9
EPSS Score
0.001
Published
2026-03-27
CVE-2024-26023
OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands.
CVSS Score
4.2
EPSS Score
0.002
Published
2024-04-15
CVE-2024-23486
Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials.
CVSS Score
9.8
EPSS Score
0.005
Published
2024-04-15
CVE-2023-49038
Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto the NAS as root.
CVSS Score
7.2
EPSS Score
0.015
Published
2024-01-29
CVE-2023-51073
An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh.
CVSS Score
8.1
EPSS Score
0.26
Published
2024-01-11
CVE-2023-51363
VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unauthenticated attacker who can access the product's web management page to obtain sensitive information.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-12-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved