Skip to main content

Buffalo Wi Fi Router Products EUVDEUVD-2026-16551

| CVE-2026-33366 MEDIUM
Missing Authentication for Critical Function (CWE-306)
2026-03-27 jpcert
6.9
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
EUVD ID Assigned
Mar 27, 2026 - 06:00 euvd
EUVD-2026-16551
Analysis Generated
Mar 27, 2026 - 06:00 vuln.today
CVE Published
Mar 27, 2026 - 05:25 nvd
MEDIUM 6.9

DescriptionCVE.org

Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication.

AnalysisAI

BUFFALO Wi-Fi router products lack authentication controls on a critical reboot function, allowing remote unauthenticated attackers to forcibly restart affected devices over the network. The vulnerability affects multiple BUFFALO router product lines across unspecified versions. While the CVSS score of 5.3 reflects moderate severity, the attack requires no credentials, no user interaction, and can be executed remotely with low complexity, making it operationally exploitable for denial-of-service attacks against networked BUFFALO routers. No public exploit code or confirmed active exploitation has been identified at the time of analysis.

Technical ContextAI

The vulnerability stems from CWE-306 (Missing Authentication for Critical Function), indicating that BUFFALO router firmware exposes a reboot administrative function without proper authentication validation. The affected products are categorized under BUFFALO Wi-Fi router products (CPE: cpe:2.3:a:buffalo_inc.:buffalo_wi-fi_router_products), which typically run embedded Linux-based firmware with web management interfaces. The root cause is that the reboot function likely accepts HTTP/HTTPS requests from any source without verifying session tokens, API keys, or user credentials. This authentication bypass class is particularly dangerous in network appliances because routers are often directly internet-facing or accessible from untrusted internal networks, and their restart can disrupt connectivity for all connected clients.

RemediationAI

Users should immediately apply the firmware patch released by BUFFALO for their specific router model, available through the vendor's security advisory at https://www.buffalo.jp/news/detail/20260323-01.html and detailed in the JVN advisory at https://jvn.jp/en/jp/JVN83788689/. Until patching can be completed, implement network-level mitigations: restrict access to the router's web management interface (typically TCP 80/443) to trusted administrative networks only using firewall rules or access control lists; disable external management interfaces if the router supports this option; and monitor for unexpected reboot events in router logs. Organizations managing multiple BUFFALO routers should prioritize patching based on exposure-devices directly internet-facing or in untrusted networks should be updated first. Check the vendor advisory for exact firmware version numbers and supported models before downloading patches to ensure compatibility.

Share

EUVD-2026-16551 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy