CVE-2026-27650
high-risk
Published 2026-03-27
OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products.
Do I need to act?
-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (20)
Wcr-1166Dhpl Firmware
Wsr3600Be4-Kh Firmware
Wsr3600Be4P Firmware
Wxr-1750Dhp Firmware
Wxr-1750Dhp2 Firmware
Wxr18000Be10P Firmware
Wxr-1900Dhp Firmware
Wxr-1900Dhp2 Firmware
Wxr-1900Dhp3 Firmware
Wxr-5950Ax12 Firmware
Wxr-6000Ax12B Firmware
Wxr-6000Ax12P Firmware
Wxr-6000Ax12S Firmware
Wzr-1166Dhp Firmware
Wzr-1166Dhp2 Firmware
Wzr-1750Dhp Firmware
Wzr-1750Dhp2 Firmware
Wzr-S1750Dhp Firmware
Wrm-D2133Hp Firmware
Wrm-D2133Hs Firmware
Affected Vendors
References (2)
Third Party Advisory
https://jvn.jp/en/jp/JVN83788689/
Vendor Advisory
https://www.buffalo.jp/news/detail/20260323-01.html
57
/ 100
high-risk
Severity
32/34 · Critical
Exploitability
0/34 · Minimal
Exposure
25/34 · High