Description
Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products.
Published: 2026-03-27
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a code injection flaw (CWE‑94) that allows an attacker to execute arbitrary code on BUFFALO Wi‑Fi router products. Because the code runs with the privileges of the device, an attacker could compromise the router’s network connectivity, intercept traffic, or use the router as a foothold to reach other systems. This represents a serious breach of confidentiality, integrity, and availability for the affected network.

Affected Systems

The affected products are BUFFALO Wi‑Fi routers manufactured by BUFFALO INC. No specific firmware or device versions are listed, so any model that incorporates the vulnerable component is potentially at risk.

Risk and Exploitability

With a CVSS score of 8.7 the vulnerability is considered high severity. Exploitation is feasible over the internet, likely through the router’s web management interface, and does not require special conditions beyond reaching the interface. Although EPSS data is unavailable and the issue is not listed in KEV, the remote code execution nature warrants high attention and an urgent response.

Generated by OpenCVE AI on March 27, 2026 at 07:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official firmware update released by Buffalo to address the code injection flaw.
  • If an update is not yet available, temporarily block or disable the router’s web management interface from external networks.
  • Change the default administrator password to a strong, unique value for all managed devices.
  • Configure the router’s firewall to allow management traffic only from trusted IP addresses.

Generated by OpenCVE AI on March 27, 2026 at 07:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 09:30:00 +0000

Type Values Removed Values Added
Title Code Injection Vulnerability in BUFFALO Wi‑Fi Router Allowing Arbitrary Code Execution

Fri, 27 Mar 2026 06:00:00 +0000

Type Values Removed Values Added
Description Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products.
Weaknesses CWE-94
References
Metrics cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2026-03-27T05:24:52.376Z

Reserved: 2026-03-25T06:25:33.514Z

Link: CVE-2026-32669

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-27T06:16:38.450

Modified: 2026-03-27T06:16:38.450

Link: CVE-2026-32669

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:22:14Z

Weaknesses