Cyber Posture

CVE-2026-32669

CriticalRCE

Published: 27 March 2026

Published
27 March 2026
Modified
31 March 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0005 14.2th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-32669 is a critical-severity Code Injection (CWE-94) vulnerability in Buffalo Wcr-1166Dhpl Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 14.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the code injection vulnerability by identifying, reporting, and patching the specific flaw in BUFFALO Wi-Fi router firmware as per vendor advisories.

SI-10 Information Input Validation good match
prevent

Prevents code injection attacks like CVE-2026-32669 by validating all external information inputs to the router's services.

SI-16 Memory Protection partial match
prevent

Mitigates exploitation of the code injection vulnerability by implementing memory protections such as non-executable stacks or ASLR on the router.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Remote unauthenticated code injection (CWE-94) in Buffalo router web/management interface directly enables T1190 Exploit Public-Facing Application for arbitrary code execution and full device compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products.

Deeper analysisAI

CVE-2026-32669 is a code injection vulnerability (CWE-94) present in BUFFALO Wi-Fi router products. If exploited, it allows arbitrary code execution on the affected products. The vulnerability received a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), classifying it as critical due to its high impact potential.

Remote attackers can exploit this vulnerability over the network with low complexity, without requiring authentication, privileges, or user interaction. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, enabling full compromise of the router, such as persistent control or further network pivoting.

Mitigation guidance is detailed in advisories published by JVN at https://jvn.jp/en/jp/JVN83788689/ and Buffalo at https://www.buffalo.jp/news/detail/20260323-01.html.

Details

CWE(s)
CWE-94

Affected Products

buffalo
wcr-1166dhpl firmware
≤ 1.01
buffalo
wsr3600be4-kh firmware
≤ 6.02
buffalo
wsr3600be4p firmware
≤ 5.02
buffalo
wxr-1750dhp firmware
≤ 2.63
buffalo
wxr-1750dhp2 firmware
≤ 2.63
buffalo
wxr18000be10p firmware
≤ 5.03
buffalo
wxr-1900dhp firmware
≤ 2.53
buffalo
wxr-1900dhp2 firmware
≤ 2.62
buffalo
wxr-1900dhp3 firmware
≤ 2.66
buffalo
wxr-5950ax12 firmware
≤ 3.57
+36 more product configuration(s) — see NVD for full list

CVEs Like This One

CVE-2026-27650Same product: Buffalo Fs-M1266
CVE-2026-33280Same product: Buffalo Fs-M1266
CVE-2025-23209Shared CWE-94
CVE-2026-39440Shared CWE-94
CVE-2026-3300Shared CWE-94
CVE-2025-6389Shared CWE-94
CVE-2025-8723Shared CWE-94
CVE-2025-34277Shared CWE-94
CVE-2025-57141Shared CWE-94
CVE-2024-48818Shared CWE-94

References