CVE-2026-33366: Missing authentication for critical function in BUFFALO INC. BUFFALO Wi-Fi router products
CVE-2026-33366 is a medium severity vulnerability in BUFFALO Wi-Fi router products where a critical function lacks authentication. This flaw allows an unauthenticated attacker to forcibly reboot the affected router devices. The vulnerability does not impact confidentiality or integrity but affects availability by enabling denial of service through forced reboots. No known exploits are reported in the wild. There is no information about patches or vendor advisories at this time.
AI Analysis
Technical Summary
This vulnerability involves missing authentication for a critical function in BUFFALO Wi-Fi routers, permitting an attacker to reboot the device without any authentication. The CVSS 3.0 base score is 5.3 (medium), reflecting network attack vector, low attack complexity, no privileges or user interaction required, and impact limited to availability (device reboot). The vulnerability does not affect confidentiality or integrity. No patch or mitigation details are currently provided.
Potential Impact
An attacker can cause a denial of service by rebooting the router remotely without authentication, potentially disrupting network availability. There is no impact on data confidentiality or integrity. No known active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, consider limiting network exposure of affected devices and monitor for unusual reboot activity. No official fix or workaround information is currently provided.
CVE-2026-33366: Missing authentication for critical function in BUFFALO INC. BUFFALO Wi-Fi router products
Description
CVE-2026-33366 is a medium severity vulnerability in BUFFALO Wi-Fi router products where a critical function lacks authentication. This flaw allows an unauthenticated attacker to forcibly reboot the affected router devices. The vulnerability does not impact confidentiality or integrity but affects availability by enabling denial of service through forced reboots. No known exploits are reported in the wild. There is no information about patches or vendor advisories at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves missing authentication for a critical function in BUFFALO Wi-Fi routers, permitting an attacker to reboot the device without any authentication. The CVSS 3.0 base score is 5.3 (medium), reflecting network attack vector, low attack complexity, no privileges or user interaction required, and impact limited to availability (device reboot). The vulnerability does not affect confidentiality or integrity. No patch or mitigation details are currently provided.
Potential Impact
An attacker can cause a denial of service by rebooting the router remotely without authentication, potentially disrupting network availability. There is no impact on data confidentiality or integrity. No known active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, consider limiting network exposure of affected devices and monitor for unusual reboot activity. No official fix or workaround information is currently provided.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- jpcert
- Date Reserved
- 2026-03-25T06:25:35.445Z
- Cvss Version
- 3.0
- State
- PUBLISHED
Threat ID: 69c61cf33c064ed76f585829
Added to database: 3/27/2026, 6:00:19 AM
Last enriched: 4/3/2026, 1:35:36 PM
Last updated: 5/11/2026, 6:49:27 AM
Views: 91
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.