{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27650", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2026-03-25T06:25:30.930Z", "datePublished": "2026-03-27T05:24:35.501Z", "dateUpdated": "2026-03-27T05:24:35.501Z"}, "containers": {"cna": {"affected": [{"vendor": "BUFFALO INC.", "product": "BUFFALO Wi-Fi router products", "versions": [{"version": "See \"References\" section", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products."}], "problemTypes": [{"descriptions": [{"description": "Improper neutralization of special elements used in an OS command ('OS Command Injection')", "lang": "en-US", "cweId": "CWE-78", "type": "CWE"}]}], "references": [{"url": "https://www.buffalo.jp/news/detail/20260323-01.html"}, {"url": "https://jvn.jp/en/jp/JVN83788689/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}, {"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV4_0": {"version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.6, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2026-03-27T05:24:35.501Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products."}], "id": "CVE-2026-27650", "lastModified": "2026-03-27T06:16:38.257", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "vultures@jpcert.or.jp", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "vultures@jpcert.or.jp", "type": "Secondary"}]}, "published": "2026-03-27T06:16:38.257", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN83788689/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.buffalo.jp/news/detail/20260323-01.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "vultures@jpcert.or.jp", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-27T07:23:25.286207+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware update released for the affected BUFFALO Wi\u2011Fi router models", "Confirm the firmware version after the update to ensure the vulnerability fix is present", "If no update is available, restrict external access to the router\u2019s administration interface or disconnect it from the network until a patch can be applied", "Check the Buffalo support website or the provided advisories for further guidance"], "summary": {"action": "Immediate Patch", "impact": "Remote code execution via arbitrary OS command injection"}, "threat_synthesis": {"affected_systems": "BUFFALO Wi\u2011Fi router products are impacted. Specific model names and firmware versions are not detailed in the advisory, so all devices in the BUFFALO Wi\u2011Fi product line should be treated as potentially vulnerable until further information is obtained.", "description_and_impact": "The vulnerability allows an attacker to inject operating system commands through a web interface on affected BUFFALO Wi\u2011Fi router products. Executing such commands gives the attacker full control of the device, enabling data exfiltration, persistent compromise, or use of the router as a launch pad for further attacks. The weakness is a classic OS command injection flaw.", "risk_and_exploitability": "With a CVSS score of 8.6, the vulnerability is classified as high severity. Exploit probability data from EPSS is unavailable, and the issue is not currently listed in the CISA KEV catalog. The attack vector is inferred to be remote, originating from interactions with the router\u2019s web interface; no local prerequisites are described, suggesting that any network\u2011connected user who can access the interface may be able to exploit the flaw."}}}}, "created": "2026-03-27T09:22:15.296051+00:00", "updated": "2026-03-27T09:22:15.296073+00:00", "vendors": []}