CVE-2026-32678 Buffalo — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	8.7 (HIGH)
Affected Versions	before 6.02
Fixed In	1.01
Type	CWE-288 (Authentication Bypass Using Alternate Path)
Vendor	Buffalo
Public PoC	No

Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

High

Complete data modification

Availability

None

No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-288 Authentication Bypass Using Alternate Path

Vulnerable Products 92

Configuration	From (including)	Up to (excluding)
Buffalo Wzr-S900dhp_Firmware cpe:2.3:o:buffalo:wzr-s900dhp_firmware:-:::::::*	—	—
Buffalo Wzr-S900dhp cpe:2.3:h:buffalo:wzr-s900dhp:-:::::::*	—	—
Buffalo Wcr-1166dhpl_Firmware cpe:2.3:o:buffalo:wcr-1166dhpl_firmware::::::::	—	`1.01`
Buffalo Wcr-1166dhpl cpe:2.3:h:buffalo:wcr-1166dhpl:-:::::::*	—	—
Buffalo Wsr3600be4-Kh_Firmware cpe:2.3:o:buffalo:wsr3600be4-kh_firmware::::::::	—	`6.02`
Buffalo Wsr3600be4-Kh cpe:2.3:h:buffalo:wsr3600be4-kh:-:::::::*	—	—
Buffalo Wsr3600be4p_Firmware cpe:2.3:o:buffalo:wsr3600be4p_firmware::::::::	—	`5.02`
Buffalo Wsr3600be4p cpe:2.3:h:buffalo:wsr3600be4p:-:::::::*	—	—
Buffalo Wxr-1750dhp_Firmware cpe:2.3:o:buffalo:wxr-1750dhp_firmware::::::::	—	`2.63`
Buffalo Wxr-1750dhp cpe:2.3:h:buffalo:wxr-1750dhp:-:::::::*	—	—
Buffalo Wxr-1750dhp2_Firmware cpe:2.3:o:buffalo:wxr-1750dhp2_firmware::::::::	—	`2.63`
Buffalo Wxr-1750dhp2 cpe:2.3:h:buffalo:wxr-1750dhp2:-:::::::*	—	—
Buffalo Wxr18000be10p_Firmware cpe:2.3:o:buffalo:wxr18000be10p_firmware::::::::	—	`5.03`
Buffalo Wxr18000be10p cpe:2.3:h:buffalo:wxr18000be10p:-:::::::*	—	—
Buffalo Wxr-1900dhp_Firmware cpe:2.3:o:buffalo:wxr-1900dhp_firmware::::::::	—	`2.53`
Buffalo Wxr-1900dhp cpe:2.3:h:buffalo:wxr-1900dhp:-:::::::*	—	—
Buffalo Wxr-1900dhp2_Firmware cpe:2.3:o:buffalo:wxr-1900dhp2_firmware::::::::	—	`2.62`
Buffalo Wxr-1900dhp2 cpe:2.3:h:buffalo:wxr-1900dhp2:-:::::::*	—	—
Buffalo Wxr-1900dhp3_Firmware cpe:2.3:o:buffalo:wxr-1900dhp3_firmware::::::::	—	`2.66`
Buffalo Wxr-1900dhp3 cpe:2.3:h:buffalo:wxr-1900dhp3:-:::::::*	—	—
Buffalo Wxr-5950ax12_Firmware cpe:2.3:o:buffalo:wxr-5950ax12_firmware::::::::	—	`3.57`
Buffalo Wxr-5950ax12 cpe:2.3:h:buffalo:wxr-5950ax12:-:::::::*	—	—
Buffalo Wxr-6000ax12b_Firmware cpe:2.3:o:buffalo:wxr-6000ax12b_firmware::::::::	—	`3.57`
Buffalo Wxr-6000ax12b cpe:2.3:h:buffalo:wxr-6000ax12b:-:::::::*	—	—
Buffalo Wxr-6000ax12p_Firmware cpe:2.3:o:buffalo:wxr-6000ax12p_firmware::::::::	—	`3.57`
Buffalo Wxr-6000ax12p cpe:2.3:h:buffalo:wxr-6000ax12p:-:::::::*	—	—
Buffalo Wxr-6000ax12s_Firmware cpe:2.3:o:buffalo:wxr-6000ax12s_firmware::::::::	—	`3.57`
Buffalo Wxr-6000ax12s cpe:2.3:h:buffalo:wxr-6000ax12s:-:::::::*	—	—
Buffalo Wzr-1166dhp_Firmware cpe:2.3:o:buffalo:wzr-1166dhp_firmware::::::::	—	`2.20`
Buffalo Wzr-1166dhp cpe:2.3:h:buffalo:wzr-1166dhp:-:::::::*	—	—
Buffalo Wzr-1166dhp2_Firmware cpe:2.3:o:buffalo:wzr-1166dhp2_firmware::::::::	—	`2.20`
Buffalo Wzr-1166dhp2 cpe:2.3:h:buffalo:wzr-1166dhp2:-:::::::*	—	—
Buffalo Wzr-1750dhp_Firmware cpe:2.3:o:buffalo:wzr-1750dhp_firmware::::::::	—	`2.32`
Buffalo Wzr-1750dhp cpe:2.3:h:buffalo:wzr-1750dhp:-:::::::*	—	—
Buffalo Wzr-1750dhp2_Firmware cpe:2.3:o:buffalo:wzr-1750dhp2_firmware::::::::	—	`2.33`
Buffalo Wzr-1750dhp2 cpe:2.3:h:buffalo:wzr-1750dhp2:-:::::::*	—	—
Buffalo Wzr-S1750dhp_Firmware cpe:2.3:o:buffalo:wzr-s1750dhp_firmware::::::::	—	`2.34`
Buffalo Wzr-S1750dhp cpe:2.3:h:buffalo:wzr-s1750dhp:-:::::::*	—	—
Buffalo Wrm-D2133hp_Firmware cpe:2.3:o:buffalo:wrm-d2133hp_firmware::::::::	—	`3.01`
Buffalo Wrm-D2133hp cpe:2.3:h:buffalo:wrm-d2133hp:-:::::::*	—	—
Buffalo Wrm-D2133hs_Firmware cpe:2.3:o:buffalo:wrm-d2133hs_firmware::::::::	—	`3.01`
Buffalo Wrm-D2133hs cpe:2.3:h:buffalo:wrm-d2133hs:-:::::::*	—	—
Buffalo Wtr-M2133hp_Firmware cpe:2.3:o:buffalo:wtr-m2133hp_firmware::::::::	—	`3.01`
Buffalo Wtr-M2133hp cpe:2.3:h:buffalo:wtr-m2133hp:-:::::::*	—	—
Buffalo Wtr-M2133hs_Firmware cpe:2.3:o:buffalo:wtr-m2133hs_firmware::::::::	—	`3.01`
Buffalo Wtr-M2133hs cpe:2.3:h:buffalo:wtr-m2133hs:-:::::::*	—	—
Buffalo Wem-1266_Firmware cpe:2.3:o:buffalo:wem-1266_firmware::::::::	—	`2.87`
Buffalo Wem-1266 cpe:2.3:h:buffalo:wem-1266:-:::::::*	—	—
Buffalo Wem-1266wp_Firmware cpe:2.3:o:buffalo:wem-1266wp_firmware::::::::	—	`2.87`
Buffalo Wem-1266wp cpe:2.3:h:buffalo:wem-1266wp:-:::::::*	—	—
Buffalo Vr-U300w_Firmware cpe:2.3:o:buffalo:vr-u300w_firmware::::::::	—	`1.42`
Buffalo Vr-U300w cpe:2.3:h:buffalo:vr-u300w:-:::::::*	—	—
Buffalo Vr-U500x_Firmware cpe:2.3:o:buffalo:vr-u500x_firmware::::::::	—	`1.42`
Buffalo Vr-U500x cpe:2.3:h:buffalo:vr-u500x:-:::::::*	—	—
Buffalo Wapm-1266r_Firmware cpe:2.3:o:buffalo:wapm-1266r_firmware::::::::	—	`1.42`
Buffalo Wapm-1266r cpe:2.3:h:buffalo:wapm-1266r:-:::::::*	—	—
Buffalo Wapm-1266wdpr_Firmware cpe:2.3:o:buffalo:wapm-1266wdpr_firmware::::::::	—	`1.42`
Buffalo Wapm-1266wdpr cpe:2.3:h:buffalo:wapm-1266wdpr:-:::::::*	—	—
Buffalo Wapm-1266wdpra_Firmware cpe:2.3:o:buffalo:wapm-1266wdpra_firmware::::::::	—	`1.42`
Buffalo Wapm-1266wdpra cpe:2.3:h:buffalo:wapm-1266wdpra:-:::::::*	—	—
Buffalo Wapm-1750d_Firmware cpe:2.3:o:buffalo:wapm-1750d_firmware::::::::	—	`1.07`
Buffalo Wapm-1750d cpe:2.3:h:buffalo:wapm-1750d:-:::::::*	—	—
Buffalo Wapm-2133r_Firmware cpe:2.3:o:buffalo:wapm-2133r_firmware::::::::	—	`1.42`
Buffalo Wapm-2133r cpe:2.3:h:buffalo:wapm-2133r:-:::::::*	—	—
Buffalo Wapm-2133tr_Firmware cpe:2.3:o:buffalo:wapm-2133tr_firmware::::::::	—	`1.42`
Buffalo Wapm-2133tr cpe:2.3:h:buffalo:wapm-2133tr:-:::::::*	—	—
Buffalo Wapm-Ax4r_Firmware cpe:2.3:o:buffalo:wapm-ax4r_firmware::::::::	—	`1.42`
Buffalo Wapm-Ax4r cpe:2.3:h:buffalo:wapm-ax4r:-:::::::*	—	—
Buffalo Wapm-Ax8r_Firmware cpe:2.3:o:buffalo:wapm-ax8r_firmware::::::::	—	`1.42`
Buffalo Wapm-Ax8r cpe:2.3:h:buffalo:wapm-ax8r:-:::::::*	—	—
Buffalo Wapm-Axetr_Firmware cpe:2.3:o:buffalo:wapm-axetr_firmware::::::::	—	`1.42`
Buffalo Wapm-Axetr cpe:2.3:h:buffalo:wapm-axetr:-:::::::*	—	—
Buffalo Waps-1266_Firmware cpe:2.3:o:buffalo:waps-1266_firmware::::::::	—	`1.42`
Buffalo Waps-1266 cpe:2.3:h:buffalo:waps-1266:-:::::::*	—	—
Buffalo Waps-Ax4_Firmware cpe:2.3:o:buffalo:waps-ax4_firmware::::::::	—	`1.42`
Buffalo Waps-Ax4 cpe:2.3:h:buffalo:waps-ax4:-:::::::*	—	—
Buffalo Fs-M1266_Firmware cpe:2.3:o:buffalo:fs-m1266_firmware::::::::	—	`4.13`
Buffalo Fs-M1266 cpe:2.3:h:buffalo:fs-m1266:-:::::::*	—	—
Buffalo Fs-S1266_Firmware cpe:2.3:o:buffalo:fs-s1266_firmware::::::::	—	`4.13`
Buffalo Fs-S1266 cpe:2.3:h:buffalo:fs-s1266:-:::::::*	—	—
Buffalo Wzr-600dhp_Firmware cpe:2.3:o:buffalo:wzr-600dhp_firmware:-:::::::*	—	—
Buffalo Wzr-600dhp cpe:2.3:h:buffalo:wzr-600dhp:-:::::::*	—	—
Buffalo Wzr-600dhp2_Firmware cpe:2.3:o:buffalo:wzr-600dhp2_firmware:-:::::::*	—	—
Buffalo Wzr-600dhp2 cpe:2.3:h:buffalo:wzr-600dhp2:-:::::::*	—	—
Buffalo Wzr-600dhp3_Firmware cpe:2.3:o:buffalo:wzr-600dhp3_firmware:-:::::::*	—	—
Buffalo Wzr-600dhp3 cpe:2.3:h:buffalo:wzr-600dhp3:-:::::::*	—	—
Buffalo Wzr-900dhp_Firmware cpe:2.3:o:buffalo:wzr-900dhp_firmware:-:::::::*	—	—
Buffalo Wzr-900dhp cpe:2.3:h:buffalo:wzr-900dhp:-:::::::*	—	—
Buffalo Wzr-900dhp2_Firmware cpe:2.3:o:buffalo:wzr-900dhp2_firmware:-:::::::*	—	—
Buffalo Wzr-900dhp2 cpe:2.3:h:buffalo:wzr-900dhp2:-:::::::*	—	—
Buffalo Wzr-S600dhp_Firmware cpe:2.3:o:buffalo:wzr-s600dhp_firmware:-:::::::*	—	—
Buffalo Wzr-S600dhp cpe:2.3:h:buffalo:wzr-s600dhp:-:::::::*	—	—