Cyber Resilience

CVE-2026-27650

HighRCE

Published: 27 March 2026

Published
27 March 2026
Modified
31 March 2026
KEV Added
Patch
CVSS Score v4 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0092 55.7th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-27650 is a high-severity OS Command Injection (CWE-78) vulnerability in Buffalo Wcr-1166Dhpl Firmware. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 44.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-27650 is an OS Command Injection vulnerability (CWE-78) present in BUFFALO Wi-Fi router products. Published on 2026-03-27, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical. Exploitation enables attackers to execute arbitrary OS commands on the affected products.

The vulnerability is exploitable remotely over the network with low attack complexity, requiring no authentication or privileges and no user interaction. Successful attacks maintain an unchanged scope while achieving high impacts on confidentiality, integrity, and availability, potentially allowing full device compromise such as data theft, modification, or denial of service.

Advisories detailing mitigations and patches are available from JVN at https://jvn.jp/en/jp/JVN83788689/ and Buffalo at https://www.buffalo.jp/news/detail/20260323-01.html.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

CVE enables remote exploitation of public-facing router web interface (T1190) leading to arbitrary OS command execution via Unix shell (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-32669Same product: Buffalo Fs-M1266
CVE-2026-33280Same product: Buffalo Fs-M1266
CVE-2026-32678Same product: Buffalo Fs-M1266
CVE-2018-25115Shared CWE-78
CVE-2025-24382Shared CWE-78
CVE-2026-29058Shared CWE-78
CVE-2024-57016Shared CWE-78
CVE-2024-46484Shared CWE-78
CVE-2015-10145Shared CWE-78
CVE-2020-37002Shared CWE-78

Affected Assets

buffalo
wcr-1166dhpl firmware
≤ 1.01
buffalo
wsr3600be4-kh firmware
≤ 6.02
buffalo
wsr3600be4p firmware
≤ 5.02
buffalo
wxr-1750dhp firmware
≤ 2.63
buffalo
wxr-1750dhp2 firmware
≤ 2.63
buffalo
wxr18000be10p firmware
≤ 5.03
buffalo
wxr-1900dhp firmware
≤ 2.53
buffalo
wxr-1900dhp2 firmware
≤ 2.62
buffalo
wxr-1900dhp3 firmware
≤ 2.66
buffalo
wxr-5950ax12 firmware
≤ 3.57
+36 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly eliminates the OS command injection vulnerability by requiring timely flaw remediation through application of vendor-provided patches for the Buffalo Wi-Fi router.

prevent

Prevents arbitrary OS command execution by implementing input validation checks to sanitize untrusted network inputs to the vulnerable router functions.

detect

Detects exploitation of the command injection vulnerability through monitoring of system activities, unauthorized connections, and indicators of attack on the router.

References