
Description

A path traversal issue exists in WXR9300BE6P series firmware versions prior to Ver.1.10. An arbitrary file may be altered by an administrative user who logs in to the affected product. Moreover, an arbitrary OS command may be executed via some file alteration.

PUBLISHED | Reserved 2025-10-14 | Published 2025-10-15 | Updated 2025-10-15 | Assigner jpcert




HIGH: 7.2 | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

HIGH: 8.6 | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

Improper limitation of a pathname to a restricted directory ('Path Traversal')

Product status

firmware versions prior to Ver.1.10: affected

References

www.buffalo.jp/news/detail/20251014-01.html

jvn.jp/en/vu/JVNVU96471278/

cve.org (CVE-2025-61941)

nvd.nist.gov (CVE-2025-61941)
