CVE-2026-33280
high-risk
Published 2026-03-27
Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands.
Do I need to act?
-
0.09% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (20)
Wcr-1166Dhpl Firmware
Wsr3600Be4-Kh Firmware
Wsr3600Be4P Firmware
Wxr-1750Dhp Firmware
Wxr-1750Dhp2 Firmware
Wxr18000Be10P Firmware
Wxr-1900Dhp Firmware
Wxr-1900Dhp2 Firmware
Wxr-1900Dhp3 Firmware
Wxr-5950Ax12 Firmware
Wxr-6000Ax12B Firmware
Wxr-6000Ax12P Firmware
Wxr-6000Ax12S Firmware
Wzr-1166Dhp Firmware
Wzr-1166Dhp2 Firmware
Wzr-1750Dhp Firmware
Wzr-1750Dhp2 Firmware
Wzr-S1750Dhp Firmware
Wrm-D2133Hp Firmware
Wrm-D2133Hs Firmware
Affected Vendors
References (2)
Third Party Advisory
https://jvn.jp/en/jp/JVN83788689/
Vendor Advisory
https://www.buffalo.jp/news/detail/20260323-01.html
57
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
0/34 · Minimal
Exposure
25/34 · High