High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-04-29	CVE-2021-20092	Improper Authentication vulnerability in Buffalo products The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor. network low complexity buffalo CWE-287	7.5
2021-04-28	CVE-2021-3512	Unspecified vulnerability in Buffalo products Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to bypass access restriction and to start telnet service and execute arbitrary OS commands with root privileges via unspecified vectors. low complexity buffalo	8.8
2019-05-02	CVE-2018-16961	Path Traversal vulnerability in Buffalo Open Xdmod 7.5.0 An issue was discovered in Open XDMoD through 7.5.0. network low complexity buffalo CWE-22	7.5
2018-11-26	CVE-2018-13321	Incorrect Permission Assignment for Critical Resource vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter. network low complexity buffalo CWE-732	8.8
2018-11-26	CVE-2018-13320	OS Command Injection vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters. network low complexity buffalo CWE-78	7.2
2018-11-26	CVE-2018-13319	Information Exposure vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request. network low complexity buffalo CWE-200	7.5
2018-11-26	CVE-2018-13318	OS Command Injection vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter. network low complexity buffalo CWE-78	7.2
2018-04-09	CVE-2018-0556	OS Command Injection vulnerability in Buffalo Wzr-1750Dhp2 Firmware 2.28/2.30 Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. low complexity buffalo CWE-78	8.8
2018-04-09	CVE-2018-0555	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Buffalo Wzr-1750Dhp2 Firmware 2.28/2.30 Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file. local low complexity buffalo CWE-119	7.8
2018-04-09	CVE-2018-0554	Missing Authentication for Critical Function vulnerability in Buffalo Wzr-1750Dhp2 Firmware 2.28/2.30 Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. low complexity buffalo CWE-306	8.8