Vulnerability Description
Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Buffalo | Wcr-1166Dhpl Firmware | < 1.01 |
| Buffalo | Wcr-1166Dhpl | - |
| Buffalo | Wsr3600Be4-Kh Firmware | < 6.02 |
| Buffalo | Wsr3600Be4-Kh | - |
| Buffalo | Wsr3600Be4P Firmware | < 5.02 |
| Buffalo | Wsr3600Be4P | - |
| Buffalo | Wxr-1750Dhp Firmware | < 2.63 |
| Buffalo | Wxr-1750Dhp | - |
| Buffalo | Wxr-1750Dhp2 Firmware | < 2.63 |
| Buffalo | Wxr-1750Dhp2 | - |
| Buffalo | Wxr18000Be10P Firmware | < 5.03 |
| Buffalo | Wxr18000Be10P | - |
| Buffalo | Wxr-1900Dhp Firmware | < 2.53 |
| Buffalo | Wxr-1900Dhp | - |
| Buffalo | Wxr-1900Dhp2 Firmware | < 2.62 |
| Buffalo | Wxr-1900Dhp2 | - |
| Buffalo | Wxr-1900Dhp3 Firmware | < 2.66 |
| Buffalo | Wxr-1900Dhp3 | - |
| Buffalo | Wxr-5950Ax12 Firmware | < 3.57 |
| Buffalo | Wxr-5950Ax12 | - |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN83788689/Third Party Advisory
- https://www.buffalo.jp/news/detail/20260323-01.htmlVendor Advisory
FAQ
What is CVE-2026-33280?
CVE-2026-33280 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS comm...
How severe is CVE-2026-33280?
CVE-2026-33280 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-33280?
Check the references section above for vendor advisories and patch information. Affected products include: Buffalo Wcr-1166Dhpl Firmware, Buffalo Wcr-1166Dhpl, Buffalo Wsr3600Be4-Kh Firmware, Buffalo Wsr3600Be4-Kh, Buffalo Wsr3600Be4P Firmware.