KDDI

All CVEs

24 total · sorted by risk
  • CVE-2025-27718 · High · Mar 28, 2025
    risk 0.57 · cvss 8.8 · epss 0.01

    Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained…

  • CVE-2024-28041 · High · Mar 25, 2024
    risk 0.57 · cvss 8.8 · epss 0.01

    HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command.

  • CVE-2017-2186 · High · Jul 7, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI.

  • CVE-2017-2185 · High · Jul 7, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI.

  • CVE-2017-2184 · High · Jul 7, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI.

  • CVE-2025-27932 · High · Mar 28, 2025
    risk 0.53 · cvss 8.1 · epss 0.01

    Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file deletion process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an attacker may delete a file on the…

  • CVE-2017-2183 · High · Jul 7, 2017
    risk 0.52 · cvss 8.0 · epss 0.01

    HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings.

  • CVE-2017-2289 · High · Aug 18, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2016-1139 · High · Jan 30, 2016
    risk 0.49 · cvss 7.5 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

  • CVE-2016-1137 · High · Jan 30, 2016
    risk 0.48 · cvss 7.4 · epss 0.01

    Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

  • CVE-2025-27716 · Med · Mar 28, 2025
    risk 0.42 · cvss 6.5 · epss 0.01

    Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file/folder listing process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be…

  • CVE-2024-21865 · Med · Mar 25, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    HGW BL1500HM Ver 002.001.013 and earlier contains a use of weak credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell.

  • CVE-2016-1140 · Med · Jan 30, 2016
    risk 0.40 · cvss 6.1 · epss 0.01

    KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors.

  • CVE-2025-27567 · Med · Mar 28, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions…

  • CVE-2016-1136 · Med · Jan 30, 2016
    risk 0.35 · cvss 5.4 · epss 0.01

    Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2026-41281 · Med · May 14, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    Android App "あんしんフィルター for au" provided by KDDI CORPORATION contains Cleartext Transmission of Sensitive Information (CWE-319) vulnerability. A man-in-the-middle attacker may access and modify communications transmitted in plaintext, potentially resulting in…

  • CVE-2016-1141 · Med · Jan 30, 2016
    risk 0.31 · cvss 4.7 · epss 0.01

    KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.

  • CVE-2016-1138 · Med · Jan 30, 2016
    risk 0.31 · cvss 4.7 · epss 0.01

    CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.

  • CVE-2025-27574 · Low · Mar 28, 2025
    risk 0.23 · cvss 3.6 · epss 0.00

    Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions…

  • CVE-2025-27726 · Low · Mar 28, 2025
    risk 0.14 · cvss 2.1 · epss 0.00

    Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained…

  • CVE-2022-43543 · Dec 21, 2022
    risk 0.00 · cvss · epss 0.00

    KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode…

  • CVE-2019-15416 · Nov 14, 2019
    risk 0.00 · cvss · epss 0.00

    The Sony keyaki_kddi Android device with a build fingerprint of Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys contains a pre-installed app with a package name of com.kddi.android.packageinstaller app (versionCode=70008, versionName=08.10.03)…

  • CVE-2018-0691 · Nov 15, 2018
    risk 0.00 · cvss · epss 0.01

    Multiple +Message Apps (Softbank +Message App for Android prior to version 10.1.7, Softbank +Message App for iOS prior to version 1.1.23, NTT DOCOMO +Message App for Android prior to version 42.40.2800, NTT DOCOMO +Message App for iOS prior to version 1.1.23, KDDI +Message App…

  • CVE-2007-3692 · Jul 11, 2007
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a .. (dot dot) in the name parameter.