CVE & CISA-KEV Catalog

CVE-2026-33366

MEDIUM
5.3
CVSS v3
NVD

Description

Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication.

How to fix

Remediation Available
fs-m1266 firmwareNVD
Affected:< 4.13Fixed in:4.13CVE-2026-33366derived from NVD
fs-s1266 firmwareNVD
Affected:< 4.13Fixed in:4.13CVE-2026-33366derived from NVD
vr-u300w firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2026-33366derived from NVD
vr-u500x firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2026-33366derived from NVD
wapm-1266r firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2026-33366derived from NVD
wapm-1266wdpr firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2026-33366derived from NVD
wapm-1266wdpra firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2026-33366derived from NVD
wapm-1750d firmwareNVD
Affected:< 1.07Fixed in:1.07CVE-2026-33366derived from NVD
wapm-2133r firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2026-33366derived from NVD
wapm-2133tr firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2026-33366derived from NVD
wapm-ax4r firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2026-33366derived from NVD
wapm-ax8r firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2026-33366derived from NVD
wapm-axetr firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2026-33366derived from NVD
waps-1266 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2026-33366derived from NVD
waps-ax4 firmwareNVD
Affected:< 1.42Fixed in:1.42CVE-2026-33366derived from NVD
wcr-1166dhpl firmwareNVD
Affected:< 1.01Fixed in:1.01CVE-2026-33366derived from NVD
wem-1266 firmwareNVD
Affected:< 2.87Fixed in:2.87CVE-2026-33366derived from NVD
wem-1266wp firmwareNVD
Affected:< 2.87Fixed in:2.87CVE-2026-33366derived from NVD
wrm-d2133hp firmwareNVD
Affected:< 3.01Fixed in:3.01CVE-2026-33366derived from NVD
wrm-d2133hs firmwareNVD
Affected:< 3.01Fixed in:3.01CVE-2026-33366derived from NVD
wsr3600be4-kh firmwareNVD
Affected:< 6.02Fixed in:6.02CVE-2026-33366derived from NVD
wsr3600be4p firmwareNVD
Affected:< 5.02Fixed in:5.02CVE-2026-33366derived from NVD
wtr-m2133hp firmwareNVD
Affected:< 3.01Fixed in:3.01CVE-2026-33366derived from NVD
wtr-m2133hs firmwareNVD
Affected:< 3.01Fixed in:3.01CVE-2026-33366derived from NVD
wxr-1750dhp2 firmwareNVD
Affected:< 2.63Fixed in:2.63CVE-2026-33366derived from NVD
wxr-1750dhp firmwareNVD
Affected:< 2.63Fixed in:2.63CVE-2026-33366derived from NVD
wxr-1900dhp2 firmwareNVD
Affected:< 2.62Fixed in:2.62CVE-2026-33366derived from NVD
wxr-1900dhp3 firmwareNVD
Affected:< 2.66Fixed in:2.66CVE-2026-33366derived from NVD
wxr-1900dhp firmwareNVD
Affected:< 2.53Fixed in:2.53CVE-2026-33366derived from NVD
wxr-5950ax12 firmwareNVD
Affected:< 3.57Fixed in:3.57CVE-2026-33366derived from NVD
wxr-6000ax12b firmwareNVD
Affected:< 3.57Fixed in:3.57CVE-2026-33366derived from NVD
wxr-6000ax12p firmwareNVD
Affected:< 3.57Fixed in:3.57CVE-2026-33366derived from NVD
wxr-6000ax12s firmwareNVD
Affected:< 3.57Fixed in:3.57CVE-2026-33366derived from NVD
wxr18000be10p firmwareNVD
Affected:< 5.03Fixed in:5.03CVE-2026-33366derived from NVD
wzr-1166dhp2 firmwareNVD
Affected:< 2.20Fixed in:2.20CVE-2026-33366derived from NVD
wzr-1166dhp firmwareNVD
Affected:< 2.20Fixed in:2.20CVE-2026-33366derived from NVD
wzr-1750dhp2 firmwareNVD
Affected:< 2.33Fixed in:2.33CVE-2026-33366derived from NVD
wzr-1750dhp firmwareNVD
Affected:< 2.32Fixed in:2.32CVE-2026-33366derived from NVD
wzr-s1750dhp firmwareNVD
Affected:< 2.34Fixed in:2.34CVE-2026-33366derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityNone
AvailabilityLow

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploit Intelligence

0.34%probability of exploitation in 30 days
26thpercentile

Low risk: more likely to be exploited than 26% of all known CVEs.

References

Vendor Advisory1
Third-Party Advisory1

Related Vulnerabilities

Other CWE-306 (Missing Authentication for Critical Function) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2017-10271High7.5100%KEV + Ransom-
CVE-2023-42793Critical9.8100%KEV + RansomFix
CVE-2025-3248Critical9.8100%KEVFix
CVE-2022-1388Critical9.8100%KEV + RansomFix
CVE-2021-37415Critical9.8100%KEV-
CVE-2023-21839High7.5100%KEV-
Embed a live status badge for CVE-2026-33366
CVE-2026-33366 severity badge

Markdown

[![CVE-2026-33366](https://tridentstack.com/cve/badge/CVE-2026-33366.svg)](https://tridentstack.com/cve/CVE-2026-33366)

HTML

<a href="https://tridentstack.com/cve/CVE-2026-33366"><img src="https://tridentstack.com/cve/badge/CVE-2026-33366.svg" alt="CVE-2026-33366"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-03-31.