Primary

Context

BUFFALO Wi-Fi Routers Code Injection Vulnerability

Vulnerability

Patched

A code injection vulnerability has been identified in multiple BUFFALO Wi-Fi router products. This vulnerability allows for the execution of arbitrary code on the affected devices. The issue arises from a dependency on a vulnerable third-party component, mini_httpd, which has its own known vulnerability (CVE-2015-1548).

Impact

Exploitation of this vulnerability allows for the execution of arbitrary code on the affected router.

Remediation

Users are advised to update the router's firmware to the latest version. Instructions for downloading the update are available on the BUFFALO support website. For models no longer supported, it is recommended to discontinue use and consider transitioning to a new product.

Added: Mar 27, 2026, 6:23 AM

Updated: Mar 27, 2026, 6:23 AM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

4.4

remediation

0.0

relevance

4.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

7.5

exploitability

4.4

remediation

0.0

relevance

4.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

BUFFALO Wi-Fi Routers Code Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

BUFFALO WZR-600DHP

BUFFALO WZR-600DHP2

BUFFALO WZR-600DHP3

BUFFALO WZR-900DHP

BUFFALO WZR-900DHP2

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating