CVE-2026-27650 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 21%

Affected Products (NVD)

Vendor	Product	Version
buffalo	wcr-1166dhpl_firmware	𝑥 < 1.01
buffalo	wsr3600be4-kh_firmware	𝑥 < 6.02
buffalo	wsr3600be4p_firmware	𝑥 < 5.02
buffalo	wxr-1750dhp_firmware	𝑥 < 2.63
buffalo	wxr-1750dhp2_firmware	𝑥 < 2.63
buffalo	wxr18000be10p_firmware	𝑥 < 5.03
buffalo	wxr-1900dhp_firmware	𝑥 < 2.53
buffalo	wxr-1900dhp2_firmware	𝑥 < 2.62
buffalo	wxr-1900dhp3_firmware	𝑥 < 2.66
buffalo	wxr-5950ax12_firmware	𝑥 < 3.57
buffalo	wxr-6000ax12b_firmware	𝑥 < 3.57
buffalo	wxr-6000ax12p_firmware	𝑥 < 3.57
buffalo	wxr-6000ax12s_firmware	𝑥 < 3.57
buffalo	wzr-1166dhp_firmware	𝑥 < 2.20
buffalo	wzr-1166dhp2_firmware	𝑥 < 2.20
buffalo	wzr-1750dhp_firmware	𝑥 < 2.32
buffalo	wzr-1750dhp2_firmware	𝑥 < 2.33
buffalo	wzr-s1750dhp_firmware	𝑥 < 2.34
buffalo	wrm-d2133hp_firmware	𝑥 < 3.01
buffalo	wrm-d2133hs_firmware	𝑥 < 3.01
buffalo	wtr-m2133hp_firmware	𝑥 < 3.01
buffalo	wtr-m2133hs_firmware	𝑥 < 3.01
buffalo	wem-1266_firmware	𝑥 < 2.87
buffalo	wem-1266wp_firmware	𝑥 < 2.87
buffalo	vr-u300w_firmware	𝑥 < 1.42
buffalo	vr-u500x_firmware	𝑥 < 1.42
buffalo	wapm-1266r_firmware	𝑥 < 1.42
buffalo	wapm-1266wdpr_firmware	𝑥 < 1.42
buffalo	wapm-1266wdpra_firmware	𝑥 < 1.42
buffalo	wapm-1750d_firmware	𝑥 < 1.07
buffalo	wapm-2133r_firmware	𝑥 < 1.42
buffalo	wapm-2133tr_firmware	𝑥 < 1.42
buffalo	wapm-ax4r_firmware	𝑥 < 1.42
buffalo	wapm-ax8r_firmware	𝑥 < 1.42
buffalo	wapm-axetr_firmware	𝑥 < 1.42
buffalo	waps-1266_firmware	𝑥 < 1.42
buffalo	waps-ax4_firmware	𝑥 < 1.42
buffalo	fs-m1266_firmware	𝑥 < 4.13
buffalo	fs-s1266_firmware	𝑥 < 4.13
buffalo	wzr-600dhp_firmware	-
buffalo	wzr-600dhp2_firmware	-
buffalo	wzr-600dhp3_firmware	-
buffalo	wzr-900dhp_firmware	-
buffalo	wzr-900dhp2_firmware	-
buffalo	wzr-s600dhp_firmware	-
buffalo	wzr-s900dhp_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References

https://jvn.jp/en/jp/JVN83788689/

https://www.buffalo.jp/news/detail/20260323-01.html