CVE-2026-33366
moderate-risk
Published 2026-03-27
Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication.
Do I need to act?
-
0.13% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10
Medium
NETWORK
/ LOW complexity
Affected Products (20)
Wcr-1166Dhpl Firmware
Wsr3600Be4-Kh Firmware
Wsr3600Be4P Firmware
Wxr-1750Dhp Firmware
Wxr-1750Dhp2 Firmware
Wxr18000Be10P Firmware
Wxr-1900Dhp Firmware
Wxr-1900Dhp2 Firmware
Wxr-1900Dhp3 Firmware
Wxr-5950Ax12 Firmware
Wxr-6000Ax12B Firmware
Wxr-6000Ax12P Firmware
Wxr-6000Ax12S Firmware
Wzr-1166Dhp Firmware
Wzr-1166Dhp2 Firmware
Wzr-1750Dhp Firmware
Wzr-1750Dhp2 Firmware
Wzr-S1750Dhp Firmware
Wrm-D2133Hp Firmware
Wrm-D2133Hs Firmware
Affected Vendors
References (2)
Third Party Advisory
https://jvn.jp/en/jp/JVN83788689/
Vendor Advisory
https://www.buffalo.jp/news/detail/20260323-01.html
47
/ 100
moderate-risk
Severity
21/34 · High
Exploitability
1/34 · Minimal
Exposure
25/34 · High