CVE-2026-33280
Received Received - Intake
Hidden Functionality Allows OS Command Execution in BUFFALO Routers

Publication date: 2026-03-27

Last updated on: 2026-03-31

Assigner: JPCERT/CC

Description
Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-27
Last Modified
2026-03-31
Generated
2026-06-16
AI Q&A
2026-03-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-33280
EUVD
EUVD-2026-16549
Affected Vendors & Products
Showing 46 associated CPEs
Vendor Product Version / Range
buffalo wcr-1166dhpl_firmware to 1.01 (exc)
buffalo wsr3600be4-kh_firmware to 6.02 (exc)
buffalo wsr3600be4p_firmware to 5.02 (exc)
buffalo wxr-1750dhp_firmware to 2.63 (exc)
buffalo wxr-1750dhp2_firmware to 2.63 (exc)
buffalo wxr18000be10p_firmware to 5.03 (exc)
buffalo wxr-1900dhp_firmware to 2.53 (exc)
buffalo wxr-1900dhp2_firmware to 2.62 (exc)
buffalo wxr-1900dhp3_firmware to 2.66 (exc)
buffalo wxr-5950ax12_firmware to 3.57 (exc)
buffalo wxr-6000ax12b_firmware to 3.57 (exc)
buffalo wxr-6000ax12p_firmware to 3.57 (exc)
buffalo wxr-6000ax12s_firmware to 3.57 (exc)
buffalo wzr-1166dhp_firmware to 2.20 (exc)
buffalo wzr-1166dhp2_firmware to 2.20 (exc)
buffalo wzr-1750dhp_firmware to 2.32 (exc)
buffalo wzr-1750dhp2_firmware to 2.33 (exc)
buffalo wzr-s1750dhp_firmware to 2.34 (exc)
buffalo wrm-d2133hp_firmware to 3.01 (exc)
buffalo wrm-d2133hs_firmware to 3.01 (exc)
buffalo wtr-m2133hp_firmware to 3.01 (exc)
buffalo wtr-m2133hs_firmware to 3.01 (exc)
buffalo wem-1266_firmware to 2.87 (exc)
buffalo wem-1266wp_firmware to 2.87 (exc)
buffalo vr-u300w_firmware to 1.42 (exc)
buffalo vr-u500x_firmware to 1.42 (exc)
buffalo wapm-1266r_firmware to 1.42 (exc)
buffalo wapm-1266wdpr_firmware to 1.42 (exc)
buffalo wapm-1266wdpra_firmware to 1.42 (exc)
buffalo wapm-1750d_firmware to 1.07 (exc)
buffalo wapm-2133r_firmware to 1.42 (exc)
buffalo wapm-2133tr_firmware to 1.42 (exc)
buffalo wapm-ax4r_firmware to 1.42 (exc)
buffalo wapm-ax8r_firmware to 1.42 (exc)
buffalo wapm-axetr_firmware to 1.42 (exc)
buffalo waps-1266_firmware to 1.42 (exc)
buffalo waps-ax4_firmware to 1.42 (exc)
buffalo fs-m1266_firmware to 4.13 (exc)
buffalo fs-s1266_firmware to 4.13 (exc)
buffalo wzr-600dhp_firmware *
buffalo wzr-600dhp2_firmware *
buffalo wzr-600dhp3_firmware *
buffalo wzr-900dhp_firmware *
buffalo wzr-900dhp2_firmware *
buffalo wzr-s600dhp_firmware *
buffalo wzr-s900dhp_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-912 The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a hidden functionality issue found in BUFFALO Wi-Fi router products. It may allow an attacker to access the router's debugging functionality, which is not intended for general use.

By gaining access to this debugging functionality, the attacker can execute arbitrary operating system commands on the device.

Impact Analysis

The vulnerability can have a significant impact as it allows an attacker to execute arbitrary OS commands on the affected BUFFALO Wi-Fi router.

  • Compromise of the router's security and control.
  • Potential unauthorized access to network traffic or connected devices.
  • Disruption of network availability or integrity.
Compliance Impact

The vulnerability allows an attacker to gain access to debugging functionality and execute arbitrary OS commands on BUFFALO Wi-Fi router products.

This could lead to unauthorized access, data breaches, or disruption of services, which may impact compliance with standards and regulations such as GDPR and HIPAA that require protection of sensitive data and system integrity.

However, specific impacts on compliance are not detailed in the provided information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-33280. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart