Vulnerability Details :

CVE-2026-33280

Summary
Assigner: jpcert
Assigner Org ID: ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At: 27 Mar, 2026 | 05:25
Updated At: 27 Mar, 2026 | 19:54

Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands.

Common Vulnerabilities and Exposures (CVE)
cve.org
CVE Numbering Authority (CNA)

Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands.

Affected Products
Vendor: BUFFALO INC.
Product: BUFFALO Wi-Fi router products
Affected versions: See "References" section
Problem Types
Type: CWE
CWE ID: CWE-912
Description: Hidden functionality
Metrics
Version: 3.0
Base score: 7.2
Base severity: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 8.6
Base severity: HIGH
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References
Hyperlink: https://www.buffalo.jp/news/detail/20260323-01.html
Resource: N/A
Hyperlink: https://jvn.jp/en/jp/JVN83788689/
Resource: N/A
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Information is not available yet
National Vulnerability Database (NVD)
nvd.nist.gov
Source: vultures@jpcert.or.jp
Published At: 27 Mar, 2026 | 06:16
Updated At: 31 Mar, 2026 | 19:03

Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 4.0
Base score: 8.6
Base severity: HIGH
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 7.2
Base severity: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches

Vendor: BUFFALO INC. (buffalo)
wcr-1166dhpl_firmware >> Versions before 1.01 (exclusive) >> cpe:2.3:o:buffalo:wcr-1166dhpl_firmware:*:*:*:*:*:*:*:*
wcr-1166dhpl >> - >> cpe:2.3:h:buffalo:wcr-1166dhpl:-:*:*:*:*:*:*:*
wsr3600be4-kh_firmware >> Versions before 6.02 (exclusive) >> cpe:2.3:o:buffalo:wsr3600be4-kh_firmware:*:*:*:*:*:*:*:*
wsr3600be4-kh >> - >> cpe:2.3:h:buffalo:wsr3600be4-kh:-:*:*:*:*:*:*:*
wsr3600be4p_firmware >> Versions before 5.02 (exclusive) >> cpe:2.3:o:buffalo:wsr3600be4p_firmware:*:*:*:*:*:*:*:*
wsr3600be4p >> - >> cpe:2.3:h:buffalo:wsr3600be4p:-:*:*:*:*:*:*:*
wxr-1750dhp_firmware >> Versions before 2.63 (exclusive) >> cpe:2.3:o:buffalo:wxr-1750dhp_firmware:*:*:*:*:*:*:*:*
wxr-1750dhp >> - >> cpe:2.3:h:buffalo:wxr-1750dhp:-:*:*:*:*:*:*:*
wxr-1750dhp2_firmware >> Versions before 2.63 (exclusive) >> cpe:2.3:o:buffalo:wxr-1750dhp2_firmware:*:*:*:*:*:*:*:*
wxr-1750dhp2 >> - >> cpe:2.3:h:buffalo:wxr-1750dhp2:-:*:*:*:*:*:*:*
wxr18000be10p_firmware >> Versions before 5.03 (exclusive) >> cpe:2.3:o:buffalo:wxr18000be10p_firmware:*:*:*:*:*:*:*:*
wxr18000be10p >> - >> cpe:2.3:h:buffalo:wxr18000be10p:-:*:*:*:*:*:*:*
wxr-1900dhp_firmware >> Versions before 2.53 (exclusive) >> cpe:2.3:o:buffalo:wxr-1900dhp_firmware:*:*:*:*:*:*:*:*
wxr-1900dhp >> - >> cpe:2.3:h:buffalo:wxr-1900dhp:-:*:*:*:*:*:*:*
wxr-1900dhp2_firmware >> Versions before 2.62 (exclusive) >> cpe:2.3:o:buffalo:wxr-1900dhp2_firmware:*:*:*:*:*:*:*:*
wxr-1900dhp2 >> - >> cpe:2.3:h:buffalo:wxr-1900dhp2:-:*:*:*:*:*:*:*
wxr-1900dhp3_firmware >> Versions before 2.66 (exclusive) >> cpe:2.3:o:buffalo:wxr-1900dhp3_firmware:*:*:*:*:*:*:*:*
wxr-1900dhp3 >> - >> cpe:2.3:h:buffalo:wxr-1900dhp3:-:*:*:*:*:*:*:*
wxr-5950ax12_firmware >> Versions before 3.57 (exclusive) >> cpe:2.3:o:buffalo:wxr-5950ax12_firmware:*:*:*:*:*:*:*:*
wxr-5950ax12 >> - >> cpe:2.3:h:buffalo:wxr-5950ax12:-:*:*:*:*:*:*:*
wxr-6000ax12b_firmware >> Versions before 3.57 (exclusive) >> cpe:2.3:o:buffalo:wxr-6000ax12b_firmware:*:*:*:*:*:*:*:*
wxr-6000ax12b >> - >> cpe:2.3:h:buffalo:wxr-6000ax12b:-:*:*:*:*:*:*:*
wxr-6000ax12p_firmware >> Versions before 3.57 (exclusive) >> cpe:2.3:o:buffalo:wxr-6000ax12p_firmware:*:*:*:*:*:*:*:*
wxr-6000ax12p >> - >> cpe:2.3:h:buffalo:wxr-6000ax12p:-:*:*:*:*:*:*:*
wxr-6000ax12s_firmware >> Versions before 3.57 (exclusive) >> cpe:2.3:o:buffalo:wxr-6000ax12s_firmware:*:*:*:*:*:*:*:*
wxr-6000ax12s >> - >> cpe:2.3:h:buffalo:wxr-6000ax12s:-:*:*:*:*:*:*:*
wzr-1166dhp_firmware >> Versions before 2.20 (exclusive) >> cpe:2.3:o:buffalo:wzr-1166dhp_firmware:*:*:*:*:*:*:*:*
wzr-1166dhp >> - >> cpe:2.3:h:buffalo:wzr-1166dhp:-:*:*:*:*:*:*:*
wzr-1166dhp2_firmware >> Versions before 2.20 (exclusive) >> cpe:2.3:o:buffalo:wzr-1166dhp2_firmware:*:*:*:*:*:*:*:*
wzr-1166dhp2 >> - >> cpe:2.3:h:buffalo:wzr-1166dhp2:-:*:*:*:*:*:*:*
wzr-1750dhp_firmware >> Versions before 2.32 (exclusive) >> cpe:2.3:o:buffalo:wzr-1750dhp_firmware:*:*:*:*:*:*:*:*
wzr-1750dhp >> - >> cpe:2.3:h:buffalo:wzr-1750dhp:-:*:*:*:*:*:*:*
wzr-1750dhp2_firmware >> Versions before 2.33 (exclusive) >> cpe:2.3:o:buffalo:wzr-1750dhp2_firmware:*:*:*:*:*:*:*:*
wzr-1750dhp2 >> - >> cpe:2.3:h:buffalo:wzr-1750dhp2:-:*:*:*:*:*:*:*
wzr-s1750dhp_firmware >> Versions before 2.34 (exclusive) >> cpe:2.3:o:buffalo:wzr-s1750dhp_firmware:*:*:*:*:*:*:*:*
wzr-s1750dhp >> - >> cpe:2.3:h:buffalo:wzr-s1750dhp:-:*:*:*:*:*:*:*
wrm-d2133hp_firmware >> Versions before 3.01 (exclusive) >> cpe:2.3:o:buffalo:wrm-d2133hp_firmware:*:*:*:*:*:*:*:*
wrm-d2133hp >> - >> cpe:2.3:h:buffalo:wrm-d2133hp:-:*:*:*:*:*:*:*
wrm-d2133hs_firmware >> Versions before 3.01 (exclusive) >> cpe:2.3:o:buffalo:wrm-d2133hs_firmware:*:*:*:*:*:*:*:*
wrm-d2133hs >> - >> cpe:2.3:h:buffalo:wrm-d2133hs:-:*:*:*:*:*:*:*
wtr-m2133hp_firmware >> Versions before 3.01 (exclusive) >> cpe:2.3:o:buffalo:wtr-m2133hp_firmware:*:*:*:*:*:*:*:*
wtr-m2133hp >> - >> cpe:2.3:h:buffalo:wtr-m2133hp:-:*:*:*:*:*:*:*
wtr-m2133hs_firmware >> Versions before 3.01 (exclusive) >> cpe:2.3:o:buffalo:wtr-m2133hs_firmware:*:*:*:*:*:*:*:*
wtr-m2133hs >> - >> cpe:2.3:h:buffalo:wtr-m2133hs:-:*:*:*:*:*:*:*
wem-1266_firmware >> Versions before 2.87 (exclusive) >> cpe:2.3:o:buffalo:wem-1266_firmware:*:*:*:*:*:*:*:*
wem-1266 >> - >> cpe:2.3:h:buffalo:wem-1266:-:*:*:*:*:*:*:*
wem-1266wp_firmware >> Versions before 2.87 (exclusive) >> cpe:2.3:o:buffalo:wem-1266wp_firmware:*:*:*:*:*:*:*:*
wem-1266wp >> - >> cpe:2.3:h:buffalo:wem-1266wp:-:*:*:*:*:*:*:*
vr-u300w_firmware >> Versions before 1.42 (exclusive) >> cpe:2.3:o:buffalo:vr-u300w_firmware:*:*:*:*:*:*:*:*
vr-u300w >> - >> cpe:2.3:h:buffalo:vr-u300w:-:*:*:*:*:*:*:*
Weaknesses
CWE ID: CWE-912
Type: Primary
Source: vultures@jpcert.or.jp
References
Hyperlink: https://jvn.jp/en/jp/JVN83788689/
Source: vultures@jpcert.or.jp
Resource: Third Party Advisory
Hyperlink: https://www.buffalo.jp/news/detail/20260323-01.html
Source: vultures@jpcert.or.jp
Resource: Vendor Advisory

Similar CVEs

28 Records found

CVE-2026-32669
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-8.7 (HIGH)
EPSS-0.04% / 12.89%
7 Day CHG~0.00%
Published-27 Mar, 2026 | 05:24
Updated-31 Mar, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, arbitrary code may be executed on the products.

Action-Not Available
Vendor-BUFFALO INC.
Product-BUFFALO Wi-Fi router products
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-27650
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-8.6 (HIGH)
EPSS-0.07% / 21.94%
7 Day CHG~0.00%
Published-27 Mar, 2026 | 05:24
Updated-31 Mar, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products.

Action-Not Available
Vendor-BUFFALO INC.
Product-BUFFALO Wi-Fi router products
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-61941
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-8.6 (HIGH)
EPSS-0.08% / 22.66%
7 Day CHG~0.00%
Published-15 Oct, 2025 | 07:24
Updated-16 Oct, 2025 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary file may be altered by an administrative user who logs in to the affected product. Moreover, arbitrary OS command may be executed via some file alteration.

Action-Not Available
Vendor-BUFFALO INC.
Product-WXR9300BE6P series
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-23486
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-9.8 (CRITICAL)
EPSS-0.48% / 65.25%
7 Day CHG-0.15%
Published-15 Apr, 2024 | 10:50
Updated-30 Jun, 2025 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page to obtain configured credentials.

Action-Not Available
Vendor-BUFFALO INC.
Product-WSR-2533DHPL, WSR-2533DHP2, WSR-A2533DHP2, WSR-2533DHP
CWE ID-CWE-256
Plaintext Storage of a Password
CVE-2021-20716
Matching Score-8
Assigner-JPCERT/CC
CVSS Score-9.8 (CRITICAL)
EPSS-3.03% / 86.69%
7 Day CHG~0.00%
Published-28 Apr, 2021 | 00:45
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and prior, WBR2-G54-KD firmware Ver.2.32 and prior, WBR-B11 firmware Ver.2.23 and prior, WBR-G54 firmware Ver.2.23 and prior, WBR-G54L firmware Ver.2.20 and prior, WHR2-A54G54 firmware Ver.2.25 and prior, WHR2-G54 firmware Ver.2.23 and prior, WHR2-G54V firmware Ver.2.55 and prior, WHR3-AG54 firmware Ver.2.23 and prior, WHR-G54 firmware Ver.2.16 and prior, WHR-G54-NF firmware Ver.2.10 and prior, WLA2-G54 firmware Ver.2.24 and prior, WLA2-G54C firmware Ver.2.24 and prior, WLA-B11 firmware Ver.2.20 and prior, WLA-G54 firmware Ver.2.20 and prior, WLA-G54C firmware Ver.2.20 and prior, WLAH-A54G54 firmware Ver.2.54 and prior, WLAH-AM54G54 firmware Ver.2.54 and prior, WLAH-G54 firmware Ver.2.54 and prior, WLI2-TX1-AG54 firmware Ver.2.53 and prior, WLI2-TX1-AMG54 firmware Ver.2.53 and prior, WLI2-TX1-G54 firmware Ver.2.20 and prior, WLI3-TX1-AMG54 firmware Ver.2.53 and prior, WLI3-TX1-G54 firmware Ver.2.53 and prior, WLI-T1-B11 firmware Ver.2.20 and prior, WLI-TX1-G54 firmware Ver.2.20 and prior, WVR-G54-NF firmware Ver.2.02 and prior, WZR-G108 firmware Ver.2.41 and prior, WZR-G54 firmware Ver.2.41 and prior, WZR-HP-G54 firmware Ver.2.41 and prior, WZR-RS-G54 firmware Ver.2.55 and prior, and WZR-RS-G54HP firmware Ver.2.55 and prior) allows a remote attacker to enable the debug option and to execute arbitrary code or OS commands, change the configuration, and cause a denial of service (DoS) condition.

Action-Not Available
Vendor-BUFFALO INC.
Product-Buffalo network devices
CVE-2021-20090
Matching Score-8
Assigner-Tenable Network Security, Inc.
CVSS Score-9.8 (CRITICAL)
EPSS-94.37% / 99.97%
7 Day CHG~0.00%
Published-29 Apr, 2021 | 00:00
Updated-03 Nov, 2025 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV | Action Due Date - 2021-11-17 | Apply updates per vendor instructions.

A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.

Action-Not Available
Vendor-n/a, Arcadyan Technology Corp., BUFFALO INC.
Product-wsr-2533dhpl2-bk_firmware, wsr-2533dhpl2-bk, wsr-2533dhp3-bk_firmware, wsr-2533dhp3-bk, Buffalo WSR-2533DHPL2, Buffalo WSR-2533DHP3, Buffalo Firmware
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-13318
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2 (HIGH)
EPSS-9.96% / 93.06%
7 Day CHG~0.00%
Published-26 Nov, 2018 | 22:00
Updated-05 Aug, 2024 | 09:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter.

Action-Not Available
Vendor-n/a, BUFFALO INC.
Product-ts5600d1206, ts5600d1206_firmware, n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-13320
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2 (HIGH)
EPSS-9.96% / 93.06%
7 Day CHG~0.00%
Published-26 Nov, 2018 | 22:00
Updated-05 Aug, 2024 | 09:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters.

Action-Not Available
Vendor-n/a, BUFFALO INC.
Product-ts5600d1206_firmware, ts5600d1206, n/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-3203
Matching Score-4
Assigner-CERT@VDE
CVSS Score-9.8 (CRITICAL)
EPSS-0.37% / 58.98%
7 Day CHG~0.00%
Published-21 Oct, 2022 | 12:30
Updated-07 May, 2025 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ORing net IAP-420(+) Hidden Functionality

On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot.

Action-Not Available
Vendor-oringnet, ORing
Product-iap-420_firmware, iap-420, iap-420\+, iap-420\+_firmware, IAP-420(+)
CWE ID-CWE-912
Hidden Functionality
CVE-2024-39754
Matching Score-4
Assigner-Talos
CVSS Score-10 (CRITICAL)
EPSS-0.25% / 48.67%
7 Day CHG~0.00%
Published-14 Jan, 2025 | 14:21
Updated-21 Aug, 2025 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to root access. An attacker can send packets to trigger this vulnerability.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-wl-wn533a8_firmware, wl-wn533a8, Wavlink AC3000
CWE ID-CWE-912
Hidden Functionality
CVE-2020-16204
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8 (CRITICAL)
EPSS-3.24% / 87.14%
7 Day CHG~0.00%
Published-01 Sep, 2020 | 20:46
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The affected product is vulnerable due to an undocumented interface found on the device, which may allow an attacker to execute commands as root on the device on the N-Tron 702-W / 702M12-W (all versions).

Action-Not Available
Vendor-redlion, n/a
Product-n-tron_702-w_firmware, n-tron_702m12-w_firmware, n-tron_702m12-w, n-tron_702-w, N-Tron 702-W / 702M12-W
CWE ID-CWE-912
Hidden Functionality
CVE-2020-14487
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.4 (CRITICAL)
EPSS-0.41% / 61.28%
7 Day CHG~0.00%
Published-29 Jul, 2020 | 13:22
Updated-16 Sep, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClinic GA

OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off this account, which may allow an attacker to login and execute arbitrary commands.

Action-Not Available
Vendor-freemedsoftware, open source
Product-openclinic_ga, OpenClinic GA
CWE ID-CWE-912
Hidden Functionality
CVE-2025-11673
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.6 (HIGH)
EPSS-0.35% / 57.52%
7 Day CHG~0.00%
Published-13 Oct, 2025 | 07:35
Updated-14 Oct, 2025 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PiExtract | SOOP-CLM - Hidden Functionality

SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server.

Action-Not Available
Vendor-PiExtract
Product-SOOP-CLM
CWE ID-CWE-912
Hidden Functionality
CVE-2020-12504
Matching Score-4
Assigner-CERT@VDE
CVSS Score-9.8 (CRITICAL)
EPSS-0.55% / 68.07%
7 Day CHG~0.00%
Published-15 Oct, 2020 | 18:42
Updated-16 Sep, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Pepperl+Fuchs improper authorization affects multiple Comtrol RocketLinx products

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) and ICRL-M-8RJ45/4SFP-G-DIN, ICRL-M-16RJ45/4CP-G-DIN FW 1.2.3 and below has an active TFTP-Service.

Action-Not Available
Vendor-korenix, westermo, pepperl-fuchs, Westermo, Pepperl+Fuchs, Korenix
Product-P+F Comtrol RocketLinx, PMI-110-F2G, JetNet
CWE ID-CWE-912
Hidden Functionality
CVE-2024-5514
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.8 (CRITICAL)
EPSS-0.23% / 46.11%
7 Day CHG~0.00%
Published-30 May, 2024 | 02:14
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MinMax CMS - Hidden Functionality

MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without being recorded in the system logs.

Action-Not Available
Vendor-MinMax Digital Technology, minmax
Product-MinMax CMS, minmax
CWE ID-CWE-798
Use of Hard-coded Credentials
CWE ID-CWE-912
Hidden Functionality
CVE-2024-28011
Matching Score-4
Assigner-NEC Corporation
CVSS Score-9.8 (CRITICAL)
EPSS-0.43% / 62.30%
7 Day CHG~0.00%
Published-28 Mar, 2024 | 00:54
Updated-29 Sep, 2025 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN, MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows an attacker to execute an arbitrary OS command with the root privilege via the internet.

Action-Not Available
Vendor-NEC Corporation
CWE ID-CWE-912
Hidden Functionality
CVE-2025-58778
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.6||HIGH
EPSS-0.07% / 21.75%
7 Day CHG~0.00%
Published-16 Oct, 2025 | 06:04
Updated-16 Oct, 2025 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the knowledge of the related credentials can log in to the affected device, leading to information disclosure, altering the system configurations, or causing a denial of service (DoS) condition.

Action-Not Available
Vendor-Ruijie Networks Co., Ltd.
Product-RG-EST300
CWE ID-CWE-912
Hidden Functionality
CVE-2026-1952
Matching Score-4
Assigner-Delta Electronics, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 12.57%
7 Day CHG~0.00%
Published-24 Apr, 2026 | 06:08
Updated-24 Apr, 2026 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of service via the undocumented subfunction in AS320T

Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability.

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-AS320T
CWE ID-CWE-912
Hidden Functionality
CVE-2024-45697
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-2.21% / 84.51%
7 Day CHG-0.07%
Published-16 Sep, 2024 | 06:48
Updated-19 Sep, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
D-Link WiFi router - Hidden Functionality

Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials.

Action-Not Available
Vendor-D-Link Corporation
Product-dir-x4860_firmware, dir-x4860, DIR-X4860 A1, dir-4860_a1
CWE ID-CWE-912
Hidden Functionality
CVE-2021-43987
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.47%
7 Day CHG~0.00%
Published-23 Dec, 2021 | 19:48
Updated-16 Sep, 2024 | 23:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mySCADA myPRO

An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface.

Action-Not Available
Vendor-myscada, mySCADA
Product-mypro, myPRO
CWE ID-CWE-912
Hidden Functionality
CVE-2021-24867
Matching Score-4
Assigner-WPScan
CVSS Score-9.8||CRITICAL
EPSS-6.69% / 91.27%
7 Day CHG~0.00%
Published-21 Feb, 2022 | 10:45
Updated-03 Aug, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Backdoored Plugins & Themes from AccessPress Themes

Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion.

Action-Not Available
Vendor-accesspressthemes, AccessPress Themes
Product-accesspress_rayconstruction_litewp_1_sliderswing_liteeverest_timeline_literippleeverest_coming_soon_liteaccesspress_parallaxaccesspress_basiceasy_side_tabeverest_comment_rating_litesmart_logo_showcase_litegaga_liteap_companioneverest_gplaces_business_reviewscomments_disable_-_accesspressproduct_slider_for_woocommerce_litedokovmageverest_admin_theme_litemcontact_buttonparallaxsomeparallax_blogtauto_posterap_mega_menuwp_popup_liteaccesspress_stapleaccesspress_ifeedseverest_counter_litefotographyaccesspress_magultimate-form-builder-litewp_menu_icons_liteunicon_liteaccesspress_social_sharewp_comment_designer_liteaccesspress_anonymous_postwp_media_manager_liteultimate_author_box_liteagency_liteaccessbuddypunteform_store_to_dbsmart_scroll_to_top_liteeverest_review_litevmagazine_liteblogertotal_gdpr_compliance_liteaccesspress_custom_post_typeinline_call_to_action_builder_litebinglesportsmagwp_product_gallery_litewp_floating_menutotal_team_liteaplitezigcy_cosmeticseverest_gallery_liteeverest_tab_litethe_mondaybadge_designer_lite_for_woocommerceaccesspress_litethe_launcheraccesspress_social_login_litestorevillawp_tfeedaccesspress_custom_cssaccesspress_social_counterone-pazegaga_corpsmart_scroll_postsap_pricing_tables_litewp_popup_bannerssocial_auto_posterscrollmeeverest_faq_manager_literevolvewp_blog_manager_liteenlightenap_custom_testimonialsocial_reviewfashstoreuncode_litezigcy_litepi_buttonwp_cookie_user_infozigcy_babyaccesspress_social_iconsaccesspress_storevmagazine_newsap_contact_formaccesspress_rootapex_notification_bar_liteSocial Auto PosterZigcy LiteAccesspress BasicFree Responsive Tab Plugin For WordPress – Everest Tab LiteAccessPress Custom Post TypeEffectively Add & Customize Free Icons For WordPress Menus – WP Menu Icons LiteResponsive Clients Logo Gallery Plugin for WordPress – Smart Logo Showcase LiteWP Popup Lite – Responsive popup plugin for WordPressSmart Scroll Posts for WordPressSocial ReviewPlugin to Manage / Design WordPress Blog – WP Blog 
Manager LiteAccessPress Custom CSSResponsive WordPress Timeline Plugin – Everest Timeline LiteComments Disable – AccessPressPI ButtonFree WordPress Plugin To Display Like/Dislike Comment Rating – Everest Comment Rating LiteWP Floating Menu – One page navigator, sticky menu for WordPressAccesspress MagMContact ButtonWP Popup BannersSwing LiteCookie Notification Plugin for WordPress – WP Cookie User InfoThe LauncherWordPress Slider Plugin – WP 1 SliderResponsive Products Showcase Listing for WordPress – WP Product Gallery LiteBinglePunteVMagScrollMeaccesspress-rayAccessPress ParallaxAccessPress iFeedsStoreVillaZigcy BabyOne PazeWordPress Backend Customizer – Everest Admin Theme LiteResponsive Notification Bar Plugin for WordPress – Apex Notification Bar LiteBeautiful Stat Counter Plugin for WordPress – Everest Counter LiteBadge Designer Lite For WooCommerceGaga LiteTotal GDPR Compliance Lite – WordPress Plugin for GDPR CompatibilityDokoaccessbuddyThe MondayTestimonial WordPress Plugin – AP Custom TestimonialThe Easiest WordPress Media Manager Plugin – WP Media Manager LiteTAuto PosterAccessPress Social ShareRevolveAccessPress Social Login Lite – Social Login WordPress PluginEasiest Contact Form for WordPress – AP Contact FormParallaxSomeFotoGraphyEnlightenAccessPress StoreZigcy CosmeticsCTA plugin for WordPress – Easy Side TabInline Call To Action Builder Lite – Free Call To Action Layer Plugin for WordPressFashStoreAccessPress StapleVmagazine NewsUltimate Coming Soon, Maintenance Mode Plugin for WordPress – Everest Coming Soon LiteAccessPress RootBeautiful FAQ Plugin for WordPress – Everest FAQ Manager LiteVMagazine LiteAccessPress Social CounterFree Responsive Post/Article Author Section Plugin for WordPress – Ultimate Author Box LiteForm Store to DBEverest GPlaces Business ReviewsAP CompanionEverest Review Lite – User/Admin review plugin for WordPressparallax-blogContact Form for WordPress – Ultimate Form Builder LiteApliteBlogerAgency LiteAccesspress LiteProduct 
Slider For WooCommerce LiteResponsive Media Gallery Plugin for WordPress – Everest Gallery LiteGaga CorpFrontend Post WordPress Plugin – AccessPress Anonymous PostConstruction LiteUnicon LiteMega Menu Plugin for WordPress – AP Mega MenuFaster and Easier scroll to Top Plugin for WordPress – Smart Scroll to Top LiteSportsMagPricing Table Builder – AP Pricing Tables LiteSmartest Way To Design & Customize WordPress Comments & Comment Form – WP Comment Designer LiteRippleAccessPress Social IconsUncode LiteTotal Team Lite – Responsive Team Manager / Showcase Plugin for WordPressWP TFeed
CWE ID-CWE-912
Hidden Functionality
CVE-2024-20439
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-86.31% / 99.41%
7 Day CHG~0.00%
Published-04 Sep, 2024 | 16:28
Updated-28 Oct, 2025 | 13:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV | Action Due Date - 2025-04-21 | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to log in to the affected system. A successful exploit could allow the attacker to log in to the affected system with administrative rights over the CSLU application API.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-smart_license_utility, Cisco Smart License Utility, cisco_smart_license_utility, Smart Licensing Utility
CWE ID-CWE-798
Use of Hard-coded Credentials
CWE ID-CWE-912
Hidden Functionality
CVE-2011-10018
Matching Score-4
Assigner-VulnCheck
CVSS Score-10||CRITICAL
EPSS-53.00% / 97.97%
7 Day CHG~0.00%
Published-13 Aug, 2025 | 20:35
Updated-07 Apr, 2026 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
myBB 1.6.4 Backdoor Arbitrary Command Execution

myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnerability was introduced during packaging and was not part of the intended application logic. Exploitation requires no authentication and results in full compromise of the web server under the context of the web application.

Action-Not Available
Vendor-myBB Group, MyBB
Product-mybb, Forum Software
CWE ID-CWE-912
Hidden Functionality
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-20103
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-85.08% / 99.36%
7 Day CHG~0.00%
Published-20 Aug, 2025 | 15:38
Updated-07 Apr, 2026 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ProFTPD 1.3.3c Backdoor Command Execution

A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.

Action-Not Available
Vendor-proftpd, ProFTPD Project
Product-proftpd, ProFTPD (Professional FTP Daemon)
CWE ID-CWE-912
Hidden Functionality
CVE-2023-24108
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.56% / 68.52%
7 Day CHG~0.00%
Published-22 Feb, 2023 | 00:00
Updated-05 Dec, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.

Action-Not Available
Vendor-zetacomponents, n/a
Product-mvctools, n/a
CWE ID-CWE-912
Hidden Functionality
CVE-2022-47767
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 65.23%
7 Day CHG~0.00%
Published-25 Jan, 2023 | 00:00
Updated-01 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). This does not exist in SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base.

Action-Not Available
Vendor-solar-log, n/a
Product-solar-log_250, solar-log_2000, solar-log_2000_firmware, solar-log_500_firmware, solar-log_50_firmware, solar-log_300, solar-log_1000_firmware, solar-log_1200, solar-log_1000_pm\+, solar-log_800e, solar-log_1200_firmware, solar-log_250_firmware, solar-log_500, solar-log_1000_pm\+_firmware, solar-log_300_firmware, solar-log_800e_firmware, solar-log_50, solar-log_1000, n/a
CWE ID-CWE-912
Hidden Functionality
CVE-2022-46997
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.71% / 72.32%
7 Day CHG~0.00%
Published-14 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

Action-Not Available
Vendor-passhunt_project, n/a
Product-passhunt, n/a
CWE ID-CWE-912
Hidden Functionality
CVE-2022-46996
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.71% / 72.32%
7 Day CHG~0.00%
Published-14 Dec, 2022 | 00:00
Updated-21 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.

Action-Not Available
Vendor-vsphere_selfuse_project, n/a
Product-vsphere_selfuse, n/a
CWE ID-CWE-912
Hidden Functionality