KDDI
Products (8)
- 8 CVEs
- 6 CVEs
- 4 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs (24)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-27718 | | High | 0.57 | 8.8 | 0.01 | | Mar 28, 2025 | Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained… |
| CVE-2024-28041 | | High | 0.57 | 8.8 | 0.01 | | Mar 25, 2024 | HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command. |
| CVE-2017-2186 | | High | 0.57 | 8.8 | 0.01 | | Jul 7, 2017 | HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI. |
| CVE-2017-2185 | | High | 0.57 | 8.8 | 0.01 | | Jul 7, 2017 | HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI. |
| CVE-2017-2184 | | High | 0.57 | 8.8 | 0.01 | | Jul 7, 2017 | Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI. |
| CVE-2025-27932 | | High | 0.53 | 8.1 | 0.01 | | Mar 28, 2025 | Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file deletion process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an attacker may delete a file on the… |
| CVE-2017-2183 | | High | 0.52 | 8.0 | 0.01 | | Jul 7, 2017 | HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings. |
| CVE-2017-2289 | | High | 0.51 | 7.8 | 0.01 | | Aug 18, 2017 | Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2016-1139 | | High | 0.49 | 7.5 | 0.01 | | Jan 30, 2016 | Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| CVE-2016-1137 | | High | 0.48 | 7.4 | 0.01 | | Jan 30, 2016 | Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
| CVE-2025-27716 | | Med | 0.42 | 6.5 | 0.01 | | Mar 28, 2025 | Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file/folder listing process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be… |
| CVE-2024-21865 | | Med | 0.42 | 6.5 | 0.00 | | Mar 25, 2024 | HGW BL1500HM Ver 002.001.013 and earlier contains a use of weak credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell. |
| CVE-2016-1140 | | Med | 0.40 | 6.1 | 0.01 | | Jan 30, 2016 | KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors. |
| CVE-2025-27567 | | Med | 0.35 | 5.4 | 0.00 | | Mar 28, 2025 | Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions… |
| CVE-2016-1136 | | Med | 0.35 | 5.4 | 0.01 | | Jan 30, 2016 | Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2026-41281 | | Med | 0.31 | 4.8 | 0.00 | | May 14, 2026 | Android App "あんしんフィルター for au" provided by KDDI CORPORATION contains Cleartext Transmission of Sensitive Information (CWE-319) vulnerability. A man-in-the-middle attacker may access and modify communications transmitted in plaintext, potentially resulting in… |
| CVE-2016-1141 | | Med | 0.31 | 4.7 | 0.01 | | Jan 30, 2016 | KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. |
| CVE-2016-1138 | | Med | 0.31 | 4.7 | 0.01 | | Jan 30, 2016 | CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. |
| CVE-2025-27574 | | Low | 0.23 | 3.6 | 0.00 | | Mar 28, 2025 | Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions… |
| CVE-2025-27726 | | Low | 0.14 | 2.1 | 0.00 | | Mar 28, 2025 | Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained… |