Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication.
AnalysisAI
BUFFALO Wi-Fi router products allow unauthenticated remote attackers to bypass authentication mechanisms and modify critical configuration settings without valid credentials. This CWE-288 authentication bypass vulnerability affects BUFFALO Wi-Fi router product lines (CVSS 7.5, High severity) and enables complete compromise of device integrity. No public exploit identified at time of analysis, though the network-accessible attack surface and low complexity (AV:N/AC:L/PR:N) increase exposure risk for internet-facing devices.
Technical ContextAI
This vulnerability stems from CWE-288 (Authentication Bypass Using an Alternate Path or Channel), indicating BUFFALO Wi-Fi routers contain a code path that fails to properly validate user authentication before permitting access to administrative functions. The CPE identifier cpe:2.3:a:buffalo_inc.:buffalo_wi-fi_router_products:*:*:*:*:*:*:*:* suggests multiple product models within BUFFALO's consumer and enterprise router portfolio are affected. The flaw allows circumvention of normal authentication controls, likely through an alternate entry point or API endpoint that lacks proper authentication enforcement, enabling direct manipulation of device configuration parameters including network settings, access controls, and firmware management functions.
RemediationAI
Consult the official BUFFALO vendor security advisory at https://www.buffalo.jp/news/detail/20260323-01.html for specific patched firmware versions applicable to affected router models and upgrade immediately. The JVN advisory at https://jvn.jp/en/jp/JVN83788689/ provides additional remediation guidance and confirmation of fix availability. Until firmware updates can be applied, mitigate exposure by restricting management interface access to trusted internal networks only, disabling remote administration features, and implementing network-layer access controls (firewall rules) to block external access to administrative ports. Organizations should inventory BUFFALO router deployments, prioritize internet-facing devices for immediate patching, and monitor for unauthorized configuration changes through configuration backup comparison and logging review.
BUFFALO Wi-Fi router products allow remote code execution through a code injection vulnerability requiring user interact
Remote OS command injection in BUFFALO Wi-Fi router products allows unauthenticated attackers to execute arbitrary opera
BUFFALO Wi-Fi router products contain hidden debugging functionality that permits authenticated attackers with high-leve
BUFFALO Wi-Fi router products lack authentication controls on a critical reboot function, allowing remote unauthenticate
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16547