Skip to main content

Buffalo Wi Fi Router Products CVE-2026-32678

| EUVDEUVD-2026-16547 HIGH
Authentication Bypass Using an Alternate Path or Channel (CWE-288)
2026-03-27 jpcert
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Mar 27, 2026 - 06:00 euvd
EUVD-2026-16547
Analysis Generated
Mar 27, 2026 - 06:00 vuln.today
CVE Published
Mar 27, 2026 - 05:25 nvd
HIGH 8.7

DescriptionCVE.org

Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication.

AnalysisAI

BUFFALO Wi-Fi router products allow unauthenticated remote attackers to bypass authentication mechanisms and modify critical configuration settings without valid credentials. This CWE-288 authentication bypass vulnerability affects BUFFALO Wi-Fi router product lines (CVSS 7.5, High severity) and enables complete compromise of device integrity. No public exploit identified at time of analysis, though the network-accessible attack surface and low complexity (AV:N/AC:L/PR:N) increase exposure risk for internet-facing devices.

Technical ContextAI

This vulnerability stems from CWE-288 (Authentication Bypass Using an Alternate Path or Channel), indicating BUFFALO Wi-Fi routers contain a code path that fails to properly validate user authentication before permitting access to administrative functions. The CPE identifier cpe:2.3:a:buffalo_inc.:buffalo_wi-fi_router_products:*:*:*:*:*:*:*:* suggests multiple product models within BUFFALO's consumer and enterprise router portfolio are affected. The flaw allows circumvention of normal authentication controls, likely through an alternate entry point or API endpoint that lacks proper authentication enforcement, enabling direct manipulation of device configuration parameters including network settings, access controls, and firmware management functions.

RemediationAI

Consult the official BUFFALO vendor security advisory at https://www.buffalo.jp/news/detail/20260323-01.html for specific patched firmware versions applicable to affected router models and upgrade immediately. The JVN advisory at https://jvn.jp/en/jp/JVN83788689/ provides additional remediation guidance and confirmation of fix availability. Until firmware updates can be applied, mitigate exposure by restricting management interface access to trusted internal networks only, disabling remote administration features, and implementing network-layer access controls (firewall rules) to block external access to administrative ports. Organizations should inventory BUFFALO router deployments, prioritize internet-facing devices for immediate patching, and monitor for unauthorized configuration changes through configuration backup comparison and logging review.

Share

CVE-2026-32678 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy