Cyber Posture

CVE-2026-27650

Critical

Published: 27 March 2026

Modified: 31 March 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0007 (21.5th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may abuse Unix shell commands and scripts for execution.

Security Summary

CVE-2026-27650 is an OS Command Injection vulnerability (CWE-78) present in BUFFALO Wi-Fi router products. Published on 2026-03-27, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical. Exploitation enables attackers to execute arbitrary OS commands on the affected products.

The vulnerability is exploitable remotely over the network with low attack complexity, requiring no authentication or privileges and no user interaction. Scope is unchanged, and the impact on confidentiality, integrity, and availability is high, potentially allowing full device compromise such as data theft, modification, or denial of service.

Advisories detailing mitigations and patches are available from JVN at https://jvn.jp/en/jp/JVN83788689/ and Buffalo at https://www.buffalo.jp/news/detail/20260323-01.html.

Details

CWE(s)
CWE-78

Affected Products

buffalo wcr-1166dhpl firmware: ≤ 1.01
buffalo wsr3600be4-kh firmware: ≤ 6.02
buffalo wsr3600be4p firmware: ≤ 5.02
buffalo wxr-1750dhp firmware: ≤ 2.63
buffalo wxr-1750dhp2 firmware: ≤ 2.63
buffalo wxr18000be10p firmware: ≤ 5.03
buffalo wxr-1900dhp firmware: ≤ 2.53
buffalo wxr-1900dhp2 firmware: ≤ 2.62
buffalo wxr-1900dhp3 firmware: ≤ 2.66
buffalo wxr-5950ax12 firmware: ≤ 3.57
+36 more product configuration(s) — see NVD for full list

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

The CVE enables remote exploitation of the public-facing router web interface (T1190), leading to arbitrary OS command execution via a Unix shell (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
