HGW-BL1500HM

CVEs (8)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-27718	Kddi HGW-BL1500HM	Hig	0.57	8.8	0.01	Mar 28, 2025	Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained…
CVE-2024-28041	Kddi HGW-BL1500HM	Hig	0.57	8.8	0.00	Mar 25, 2024	HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command.
CVE-2025-27932	Kddi HGW-BL1500HM	Hig	0.53	8.1	0.01	Mar 28, 2025	Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file deletion process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an attacker may delete a file on the…
CVE-2025-27716	Kddi HGW-BL1500HM	Med	0.42	6.5	0.01	Mar 28, 2025	Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file/folder listing process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be…
CVE-2024-21865	Kddi HGW-BL1500HM	Med	0.42	6.5	0.00	Mar 25, 2024	HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell.
CVE-2025-27567	Kddi HGW-BL1500HM	Med	0.35	5.4	0.00	Mar 28, 2025	Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions…
CVE-2025-27574	Kddi HGW-BL1500HM	Low	0.23	3.6	0.00	Mar 28, 2025	Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions…
CVE-2025-27726	Kddi HGW-BL1500HM	Low	0.14	2.1	0.00	Mar 28, 2025	Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained…

CVE-2025-27718HigMar 28, 2025
Kddi
HGW-BL1500HM
risk 0.57cvss 8.8epss 0.01
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained…
CVE-2024-28041HigMar 25, 2024
Kddi
HGW-BL1500HM
risk 0.57cvss 8.8epss 0.00
HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command.
CVE-2025-27932HigMar 28, 2025
Kddi
HGW-BL1500HM
risk 0.53cvss 8.1epss 0.01
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file deletion process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an attacker may delete a file on the…
CVE-2025-27716MedMar 28, 2025
Kddi
HGW-BL1500HM
risk 0.42cvss 6.5epss 0.01
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file/folder listing process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be…
CVE-2024-21865MedMar 25, 2024
Kddi
HGW-BL1500HM
risk 0.42cvss 6.5epss 0.00
HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell.
CVE-2025-27567MedMar 28, 2025
Kddi
HGW-BL1500HM
risk 0.35cvss 5.4epss 0.00
Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions…
CVE-2025-27574LowMar 28, 2025
Kddi
HGW-BL1500HM
risk 0.23cvss 3.6epss 0.00
Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions…
CVE-2025-27726LowMar 28, 2025
Kddi
HGW-BL1500HM
risk 0.14cvss 2.1epss 0.00
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained…