SB2026032735 - Multiple vulnerabilities in BUFFALO Wi-Fi routers

Description

This security bulletin contains information about 6 secuirty vulnerabilities.

1) Buffer overflow when processing HTTP requests (CVE-ID: CVE-2015-1548)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to improper handling of long string passed via HTTP request. A remote attacker can send a specially crafted HTTP GET request with protocol name longer than 10000 bytes, cause out-of-bounds read and obtain potentially sensitive information from system memory.

Exploitation example:

perl -e 'print "GET / " . "X"x65536 . "/Y" . "\r\n\r\n"' | ncat localhost 80

Successful exploitation of this vulnerability may allow an attacker to obtain potentially sensitive data stored in RAM, such as passwords, private encryption keys etc.

2) Missing Authentication for Critical Function (CVE-ID: CVE-2026-33366)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to missing authentication for critical function. A remote attacker can reboot the product without authentication.

3) Hidden functionality (CVE-ID: CVE-2026-33280)

The vulnerability allows a remote user to compromise vulnerable system

The vulnerability exists due to hidden functionality (backdoor) is present in software. A remote administrator can execute arbitrary code on the target system.

4) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2026-32678)

The vulnerability allows a remote user to bypass authentication process.

The vulnerability exists due to the authentication bypass using an alternate path or channel. A remote administrator can alter critical configuration settings without authentication.

5) Code Injection (CVE-ID: CVE-2026-32669)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

6) OS Command Injection (CVE-ID: CVE-2026-27650)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

• https://jvn.jp/en/jp/JVN83788689/index.html"
• https://jvn.jp/en/jp/JVN83788689/index.html</a></p><p>
• https://www.buffalo.jp/news/detail/20260323-01.html</p><p><br></p>