Buffalo Fs-M1266 Firmware vulnerabilities
5 known vulnerabilities affecting buffalo/fs-m1266_firmware.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2026-27650P2CRITICALCVSS 9.8fixed in 4.132026-03-27
CVE-2026-27650 [CRITICAL] CWE-78 CVE-2026-27650: OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is
OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products.
nvd
CVE-2026-33280P2CRITICALCVSS 9.8fixed in 4.132026-03-27
CVE-2026-33280 [CRITICAL] CWE-912 CVE-2026-33280: Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to g
Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands.
nvd
CVE-2026-32678P2HIGHCVSS 8.7fixed in 4.132026-03-27
CVE-2026-32678 [HIGH] CWE-288 CVE-2026-32678: Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to
Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication.
nvd
CVE-2026-32669P3CRITICALCVSS 9.8fixed in 4.132026-03-27
CVE-2026-32669 [CRITICAL] CWE-94 CVE-2026-32669: Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is explo
Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products.
nvd
CVE-2026-33366P3MEDIUMCVSS 6.9fixed in 4.132026-03-27
CVE-2026-33366 [MEDIUM] CWE-306 CVE-2026-33366: Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allo
Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication.
nvd