Home / Vulnerability Intelligence / CVE-2026-27650

CVE-2026-27650 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 30, 2026

BUFFALO Wi-Fi router - OS Command Injection

Published: March 27, 2026Updated: March 30, 2026Remote Exploitable

Overview

BUFFALO Wi-Fi router contains an OS command injection caused by improper input sanitization, letting attackers execute arbitrary OS commands remotely, exploit requires network access.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 11.8%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary OS commands, potentially taking full control of the device.

Mitigation

Update to the latest firmware version provided by BUFFALO.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 28, 2026

🟠 CVE-2026-27650 - High (8.8) OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-27650/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-27650
Severity: High
CVSS Score: 8.8
Type: command_injection
Status: unconfirmed
EPSS: 11.8%
Social Posts: 1

CWE

CWE-78

CVSS Metrics

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

11.8%Probability of exploitation in the next 30 days