TROYANOSYVIRUS
Retour aux CVEs

CVE-2026-27650

CRITICAL
9.8

Description

OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products.

Details CVE

Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie3/27/2026
Derniere modification3/31/2026
Sourcenvd
Observations honeypot0

Produits affectes

buffalo:fs-m1266buffalo:fs-m1266_firmwarebuffalo:fs-s1266buffalo:fs-s1266_firmwarebuffalo:vr-u300wbuffalo:vr-u300w_firmwarebuffalo:vr-u500xbuffalo:vr-u500x_firmwarebuffalo:wapm-1266rbuffalo:wapm-1266r_firmwarebuffalo:wapm-1266wdprbuffalo:wapm-1266wdpr_firmwarebuffalo:wapm-1266wdprabuffalo:wapm-1266wdpra_firmwarebuffalo:wapm-1750dbuffalo:wapm-1750d_firmwarebuffalo:wapm-2133rbuffalo:wapm-2133r_firmwarebuffalo:wapm-2133trbuffalo:wapm-2133tr_firmwarebuffalo:wapm-ax4rbuffalo:wapm-ax4r_firmwarebuffalo:wapm-ax8rbuffalo:wapm-ax8r_firmwarebuffalo:wapm-axetrbuffalo:wapm-axetr_firmwarebuffalo:waps-1266buffalo:waps-1266_firmwarebuffalo:waps-ax4buffalo:waps-ax4_firmwarebuffalo:wcr-1166dhplbuffalo:wcr-1166dhpl_firmwarebuffalo:wem-1266buffalo:wem-1266_firmwarebuffalo:wem-1266wpbuffalo:wem-1266wp_firmwarebuffalo:wrm-d2133hpbuffalo:wrm-d2133hp_firmwarebuffalo:wrm-d2133hsbuffalo:wrm-d2133hs_firmwarebuffalo:wsr3600be4-khbuffalo:wsr3600be4-kh_firmwarebuffalo:wsr3600be4pbuffalo:wsr3600be4p_firmwarebuffalo:wtr-m2133hpbuffalo:wtr-m2133hp_firmwarebuffalo:wtr-m2133hsbuffalo:wtr-m2133hs_firmwarebuffalo:wxr-1750dhpbuffalo:wxr-1750dhp2buffalo:wxr-1750dhp2_firmwarebuffalo:wxr-1750dhp_firmwarebuffalo:wxr-1900dhpbuffalo:wxr-1900dhp2buffalo:wxr-1900dhp2_firmwarebuffalo:wxr-1900dhp3buffalo:wxr-1900dhp3_firmwarebuffalo:wxr-1900dhp_firmwarebuffalo:wxr-5950ax12buffalo:wxr-5950ax12_firmwarebuffalo:wxr-6000ax12bbuffalo:wxr-6000ax12b_firmwarebuffalo:wxr-6000ax12pbuffalo:wxr-6000ax12p_firmwarebuffalo:wxr-6000ax12sbuffalo:wxr-6000ax12s_firmwarebuffalo:wxr18000be10pbuffalo:wxr18000be10p_firmwarebuffalo:wzr-1166dhpbuffalo:wzr-1166dhp2buffalo:wzr-1166dhp2_firmwarebuffalo:wzr-1166dhp_firmwarebuffalo:wzr-1750dhpbuffalo:wzr-1750dhp2buffalo:wzr-1750dhp2_firmwarebuffalo:wzr-1750dhp_firmwarebuffalo:wzr-600dhpbuffalo:wzr-600dhp2buffalo:wzr-600dhp2_firmwarebuffalo:wzr-600dhp3buffalo:wzr-600dhp3_firmwarebuffalo:wzr-600dhp_firmwarebuffalo:wzr-900dhpbuffalo:wzr-900dhp2buffalo:wzr-900dhp2_firmwarebuffalo:wzr-900dhp_firmwarebuffalo:wzr-s1750dhpbuffalo:wzr-s1750dhp_firmwarebuffalo:wzr-s600dhpbuffalo:wzr-s600dhp_firmwarebuffalo:wzr-s900dhpbuffalo:wzr-s900dhp_firmware

Faiblesses (CWE)

CWE-78

References

https://jvn.jp/en/jp/JVN83788689/(vultures@jpcert.or.jp)
https://www.buffalo.jp/news/detail/20260323-01.html(vultures@jpcert.or.jp)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.