CVE-2026-27650
Published: 27 March 2026
Summary
CVE-2026-27650 is a critical-severity OS Command Injection (CWE-78) vulnerability in Buffalo WCR-1166DHPL firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 21.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly eliminates the OS command injection vulnerability by requiring timely flaw remediation through application of vendor-provided patches for the Buffalo Wi-Fi router.
Prevents arbitrary OS command execution by implementing input validation checks to sanitize untrusted network inputs to the vulnerable router functions.
Detects exploitation of the command injection vulnerability through monitoring of system activities, unauthorized connections, and indicators of attack on the router.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE enables remote exploitation of the public-facing router web interface (T1190), leading to arbitrary OS command execution via a Unix shell (T1059.004).
NVD Description
OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products.
Deeper analysis
CVE-2026-27650 is an OS Command Injection vulnerability (CWE-78) present in BUFFALO Wi-Fi router products. Published on 2026-03-27, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical. Exploitation enables attackers to execute arbitrary OS commands on the affected products.
The vulnerability is exploitable remotely over the network with low attack complexity, requiring no authentication or privileges and no user interaction. Scope is unchanged, and the impact on confidentiality, integrity, and availability is high, potentially allowing full device compromise such as data theft, modification, or denial of service.
Advisories detailing mitigations and patches are available from JVN at https://jvn.jp/en/jp/JVN83788689/ and Buffalo at https://www.buffalo.jp/news/detail/20260323-01.html.
Details
- CWE(s)