VYPR
Vendor

Kddi

Products
8
CVEs
24
Across products
24
Status
Private

Products

8

Recent CVEs

24
View all 24 CVEs →
  • CVE-2025-27718HigMar 28, 2025
    risk 0.57cvss 8.8epss 0.01

    Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained…

  • CVE-2024-28041HigMar 25, 2024
    risk 0.57cvss 8.8epss 0.01

    HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command.

  • CVE-2017-2186HigJul 7, 2017
    risk 0.57cvss 8.8epss 0.01

    HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI.

  • CVE-2017-2185HigJul 7, 2017
    risk 0.57cvss 8.8epss 0.01

    HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI.

  • CVE-2017-2184HigJul 7, 2017
    risk 0.57cvss 8.8epss 0.01

    Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI.

  • CVE-2025-27932HigMar 28, 2025
    risk 0.53cvss 8.1epss 0.01

    Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file deletion process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an attacker may delete a file on the…

  • CVE-2017-2183HigJul 7, 2017
    risk 0.52cvss 8.0epss 0.01

    HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings.

  • CVE-2017-2289HigAug 18, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2016-1139HigJan 30, 2016
    risk 0.49cvss 7.5epss 0.01

    Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2016-1137HigJan 30, 2016
    risk 0.48cvss 7.4epss 0.01

    Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

  • CVE-2025-27716MedMar 28, 2025
    risk 0.42cvss 6.5epss 0.01

    Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file/folder listing process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be…

  • CVE-2024-21865MedMar 25, 2024
    risk 0.42cvss 6.5epss 0.00

    HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell.

  • CVE-2016-1140MedJan 30, 2016
    risk 0.40cvss 6.1epss 0.01

    KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors.

  • CVE-2025-27567MedMar 28, 2025
    risk 0.35cvss 5.4epss 0.00

    Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions…

  • CVE-2016-1136MedJan 30, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2026-41281MedMay 14, 2026
    risk 0.31cvss 4.8epss 0.00

    Android App "あんしんフィルター for au" provided by KDDI CORPORATION contains Cleartext Transmission of Sensitive Information (CWE-319) vulnerability. A man-in-the-middle attacker may access and modify communications transmitted in plaintext, potentially resulting in…

  • CVE-2016-1141MedJan 30, 2016
    risk 0.31cvss 4.7epss 0.01

    KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.

  • CVE-2016-1138MedJan 30, 2016
    risk 0.31cvss 4.7epss 0.01

    CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.

  • CVE-2025-27574LowMar 28, 2025
    risk 0.23cvss 3.6epss 0.00

    Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions…

  • CVE-2025-27726LowMar 28, 2025
    risk 0.14cvss 2.1epss 0.00

    Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained…