Description
A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. Arbitrary file may be altered by an administrative user who logs in to the affected product. Moreover, arbitrary OS command may be executed via some file alteration.
References (2)
Core 2
Core References
Various Sources
https://www.buffalo.jp/news/detail/20251014-01.html
Third Party Advisory
https://jvn.jp/en/vu/JVNVU96471278/
Scores
CVSS v3
7.2
EPSS
0.0047
EPSS Percentile
37.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (1)
BUFFALO INC./WXR9300BE6P series
firmware versions prior to Ver.1.10
Published
Oct 15, 2025
Tracked Since
Feb 18, 2026