
JVNDB-2025-016124

Buffalo Wi-Fi router WXR9300BE6P series vulnerable to path traversal

Overview

The Wi-Fi router WXR9300BE6P series provided by BUFFALO INC. contains the following vulnerability.

* Path traversal (CWE-22) - CVE-2025-61941

Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.

CVSS Severity

CVSS V3 Severity:
Base Metrics 7.2 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

Affected Products

BUFFALO INC.
  • WXR9300BE6P series firmware versions prior to Ver.1.10

Impact

An administrative user who logs in to the affected product may alter arbitrary files.
Moreover, arbitrary OS commands may be executed through certain file alterations.

Solution

[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.

Vendor Information

BUFFALO INC.

CWE

  1. Path Traversal (CWE-22) [Other]

CVE

  1. CVE-2025-61941

References

  1. JVN : JVNVU#96471278

Revision History

  • [2025/10/16]
      Web page was published