CVE-2026-32678

Received Received - Intake

Authentication Bypass in BUFFALO Wi-Fi Routers Enables Configuration Changes

Publication date: 2026-03-27

Last updated on: 2026-03-31

Assigner: JPCERT/CC

Description

Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-03-27

Last Modified

2026-03-31

Generated

2026-05-07

AI Q&A

2026-03-27

EPSS Evaluated

2026-05-05

NVD

CVE-2026-32678

EUVD

EUVD-2026-16547

Affected Vendors & Products

Vendor	Product	Version / Range
buffalo	wzr-s900dhp_firmware	*
buffalo	wcr-1166dhpl_firmware	to 1.01 (exc)
buffalo	wsr3600be4-kh_firmware	to 6.02 (exc)
buffalo	wsr3600be4p_firmware	to 5.02 (exc)
buffalo	wxr-1750dhp_firmware	to 2.63 (exc)
buffalo	wxr-1750dhp2_firmware	to 2.63 (exc)
buffalo	wxr18000be10p_firmware	to 5.03 (exc)
buffalo	wxr-1900dhp_firmware	to 2.53 (exc)
buffalo	wxr-1900dhp2_firmware	to 2.62 (exc)
buffalo	wxr-1900dhp3_firmware	to 2.66 (exc)
buffalo	wxr-5950ax12_firmware	to 3.57 (exc)
buffalo	wxr-6000ax12b_firmware	to 3.57 (exc)
buffalo	wxr-6000ax12p_firmware	to 3.57 (exc)
buffalo	wxr-6000ax12s_firmware	to 3.57 (exc)
buffalo	wzr-1166dhp_firmware	to 2.20 (exc)
buffalo	wzr-1166dhp2_firmware	to 2.20 (exc)
buffalo	wzr-1750dhp_firmware	to 2.32 (exc)
buffalo	wzr-1750dhp2_firmware	to 2.33 (exc)
buffalo	wzr-s1750dhp_firmware	to 2.34 (exc)
buffalo	wrm-d2133hp_firmware	to 3.01 (exc)
buffalo	wrm-d2133hs_firmware	to 3.01 (exc)
buffalo	wtr-m2133hp_firmware	to 3.01 (exc)
buffalo	wtr-m2133hs_firmware	to 3.01 (exc)
buffalo	wem-1266_firmware	to 2.87 (exc)
buffalo	wem-1266wp_firmware	to 2.87 (exc)
buffalo	vr-u300w_firmware	to 1.42 (exc)
buffalo	vr-u500x_firmware	to 1.42 (exc)
buffalo	wapm-1266r_firmware	to 1.42 (exc)
buffalo	wapm-1266wdpr_firmware	to 1.42 (exc)
buffalo	wapm-1266wdpra_firmware	to 1.42 (exc)
buffalo	wapm-1750d_firmware	to 1.07 (exc)
buffalo	wapm-2133r_firmware	to 1.42 (exc)
buffalo	wapm-2133tr_firmware	to 1.42 (exc)
buffalo	wapm-ax4r_firmware	to 1.42 (exc)
buffalo	wapm-ax8r_firmware	to 1.42 (exc)
buffalo	wapm-axetr_firmware	to 1.42 (exc)
buffalo	waps-1266_firmware	to 1.42 (exc)
buffalo	waps-ax4_firmware	to 1.42 (exc)
buffalo	fs-m1266_firmware	to 4.13 (exc)
buffalo	fs-s1266_firmware	to 4.13 (exc)
buffalo	wzr-600dhp_firmware	*
buffalo	wzr-600dhp2_firmware	*
buffalo	wzr-600dhp3_firmware	*
buffalo	wzr-900dhp_firmware	*
buffalo	wzr-900dhp2_firmware	*
buffalo	wzr-s600dhp_firmware	*

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-288	The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Attack-Flow Graph

AI Powered Q&A

How can this vulnerability impact me? :

An attacker exploiting this vulnerability can alter critical configuration settings on your BUFFALO Wi-Fi router without authentication. This could lead to unauthorized changes that may compromise the security or functionality of your network.

Can you explain this vulnerability to me?

This vulnerability is an authentication bypass issue found in BUFFALO Wi-Fi router products. It allows an attacker to change important configuration settings on the router without needing to authenticate.

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2026-32678

Authentication Bypass in BUFFALO Wi-Fi Routers Enables Configuration Changes

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Powered Q&A

Ask Our AI Assistant

EPSS Chart