CVE-2025-27726
Description
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered by a crafted HTTP request to specific functions of the product from a device connected to the LAN side.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A path-traversal vulnerability in the USB storage file-sharing function of HGW-BL1500HM allows LAN-side attackers to obtain and alter product files via crafted HTTP requests.
Vulnerability Overview
The HGW-BL1500HM home gateway (Ver 002.002.003 and earlier) contains a path-traversal vulnerability (CVE-2025-27726) in the file download process of its USB storage file-sharing function. The issue is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory)[1].
Attack Vector and Prerequisites
An attacker must have network access from the LAN side, be able to send crafted HTTP requests to specific functions of the product, and have low-privilege credentials (CVSS PR:L). Attack complexity is low, but the attack requires physical or adjacent network proximity (CVSS AV:P)[1].
Impact
Successful exploitation allows the attacker to read arbitrary files from the device. The official description notes that files may be obtained and/or altered via a crafted HTTP request[1]. The CVSS v3 base score is 2.1 (Low), reflecting a limited confidentiality impact and no impact on integrity or availability for this specific vector[1].
Mitigation and Remediation
KDDI has published a firmware update (version 002.004.010) that addresses this and other reported vulnerabilities[2]. Users are advised to ensure the gateway is connected to the internet and powered on to receive automatic firmware updates, or to apply the update as described in KDDI's advisory[2].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
No patches discovered yet.