CVE-2026-32669
Code Injection in BUFFALO Wi-Fi Routers Enables Remote Execution
Publication date: 2026-03-27
Last updated on: 2026-03-31
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| buffalo | wcr-1166dhpl_firmware | to 1.01 (exc) |
| buffalo | wsr3600be4-kh_firmware | to 6.02 (exc) |
| buffalo | wsr3600be4p_firmware | to 5.02 (exc) |
| buffalo | wxr-1750dhp_firmware | to 2.63 (exc) |
| buffalo | wxr-1750dhp2_firmware | to 2.63 (exc) |
| buffalo | wxr18000be10p_firmware | to 5.03 (exc) |
| buffalo | wxr-1900dhp_firmware | to 2.53 (exc) |
| buffalo | wxr-1900dhp2_firmware | to 2.62 (exc) |
| buffalo | wxr-1900dhp3_firmware | to 2.66 (exc) |
| buffalo | wxr-5950ax12_firmware | to 3.57 (exc) |
| buffalo | wxr-6000ax12b_firmware | to 3.57 (exc) |
| buffalo | wxr-6000ax12p_firmware | to 3.57 (exc) |
| buffalo | wxr-6000ax12s_firmware | to 3.57 (exc) |
| buffalo | wzr-1166dhp_firmware | to 2.20 (exc) |
| buffalo | wzr-1166dhp2_firmware | to 2.20 (exc) |
| buffalo | wzr-1750dhp_firmware | to 2.32 (exc) |
| buffalo | wzr-1750dhp2_firmware | to 2.33 (exc) |
| buffalo | wzr-s1750dhp_firmware | to 2.34 (exc) |
| buffalo | wrm-d2133hp_firmware | to 3.01 (exc) |
| buffalo | wrm-d2133hs_firmware | to 3.01 (exc) |
| buffalo | wtr-m2133hp_firmware | to 3.01 (exc) |
| buffalo | wtr-m2133hs_firmware | to 3.01 (exc) |
| buffalo | wem-1266_firmware | to 2.87 (exc) |
| buffalo | wem-1266wp_firmware | to 2.87 (exc) |
| buffalo | vr-u300w_firmware | to 1.42 (exc) |
| buffalo | vr-u500x_firmware | to 1.42 (exc) |
| buffalo | wapm-1266r_firmware | to 1.42 (exc) |
| buffalo | wapm-1266wdpr_firmware | to 1.42 (exc) |
| buffalo | wapm-1266wdpra_firmware | to 1.42 (exc) |
| buffalo | wapm-1750d_firmware | to 1.07 (exc) |
| buffalo | wapm-2133r_firmware | to 1.42 (exc) |
| buffalo | wapm-2133tr_firmware | to 1.42 (exc) |
| buffalo | wapm-ax4r_firmware | to 1.42 (exc) |
| buffalo | wapm-ax8r_firmware | to 1.42 (exc) |
| buffalo | wapm-axetr_firmware | to 1.42 (exc) |
| buffalo | waps-1266_firmware | to 1.42 (exc) |
| buffalo | waps-ax4_firmware | to 1.42 (exc) |
| buffalo | fs-m1266_firmware | to 4.13 (exc) |
| buffalo | fs-s1266_firmware | to 4.13 (exc) |
| buffalo | wzr-600dhp_firmware | * |
| buffalo | wzr-600dhp2_firmware | * |
| buffalo | wzr-600dhp3_firmware | * |
| buffalo | wzr-900dhp_firmware | * |
| buffalo | wzr-900dhp2_firmware | * |
| buffalo | wzr-s600dhp_firmware | * |
| buffalo | wzr-s900dhp_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32669 is a code injection vulnerability found in multiple BUFFALO Wi-Fi router products. This vulnerability allows attackers who access the device's login screen to execute arbitrary code on the affected devices. It is part of a set of multiple security issues including authentication bypass, OS command injection, information disclosure, and unauthorized configuration changes.
Specifically, attackers can exploit this vulnerability to run malicious code without proper authentication, potentially gaining control over the device. The vulnerability affects various models of BUFFALO Wi-Fi routers, repeaters, VPN routers, and access points.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to severe impacts including unauthorized execution of arbitrary code on the affected devices. This can result in attackers gaining control over the router or network device.
- Unauthorized access to sensitive configuration information.
- Execution of arbitrary OS commands and code, potentially compromising the device's integrity.
- Authentication bypass allowing attackers to perform firmware updates or steal configuration data without permission.
- Exposure of debug functions that can be exploited to execute commands.
- Denial of Service attacks through remote rebooting of the device.
If the device's 'Internet-side remote access' setting is enabled, these attacks can be launched remotely from the internet, increasing the risk.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-32669 vulnerability, the primary recommended step is to update the firmware of affected Buffalo network products to the fixed versions released by the vendor.
- For Target Product A (various Wi-Fi routers, repeaters, VPN routers, and access points), apply the latest firmware updates provided by Buffalo.
- Ensure that automatic firmware update functions are enabled on your devices, especially if using Windows or Mac, as these are enabled by default for most models.
- If automatic updates are disabled, manually download and install the fixed firmware versions from Buffalo's official site.
- For Target Product B (older Wi-Fi routers such as WZR-600DHP and WZR-900DHP series) which no longer receive firmware updates, discontinue use and migrate to newer supported products.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows attackers to execute arbitrary code, bypass authentication, steal configuration information, and perform unauthorized firmware updates on affected BUFFALO Wi-Fi router products.
Such unauthorized access and control over network devices can lead to exposure of sensitive data and compromise of network security, which may result in non-compliance with data protection regulations like GDPR and HIPAA that require safeguarding personal and sensitive information.
Specifically, the ability to steal configuration data and execute arbitrary code could lead to data breaches or unauthorized data processing, violating principles of confidentiality and integrity mandated by these standards.
Therefore, if exploited, this vulnerability could negatively impact an organization's compliance posture with common security and privacy regulations.