Kddi Corporation Hgw-Bl1500Hm vulnerabilities
6 known vulnerabilities affecting kddi_corporation/hgw-bl1500hm.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM2LOW2
Vulnerabilities
Page 1 of 1
CVE-2025-27718P2HIGHCVSS 8.8vVer 002.002.003 and earlier2025-03-28
CVE-2025-27718 [HIGH] CWE-22 CVE-2025-27718: Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the f
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered or arbitrary code may be executed by a crafted HTTP request to
nvd
CVE-2025-27932P3HIGHCVSS 8.1vVer 002.002.003 and earlier2025-03-28
CVE-2025-27932 [HIGH] CWE-22 CVE-2025-27932: Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the f
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file deletion process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an attacker may delete a file on the device or cause a denial of service (DoS) condition.
nvd
CVE-2025-27716P3MEDIUMCVSS 6.5vVer 002.002.003 and earlier2025-03-28
CVE-2025-27716 [MEDIUM] CWE-22 CVE-2025-27716: Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the f
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file/folder listing process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered by a crafted HTTP request to specific functions of t
nvd
CVE-2025-27567P4MEDIUMCVSS 5.4vVer 002.002.003 and earlier2025-03-28
CVE-2025-27567 [MEDIUM] CWE-79 CVE-2025-27567: Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 00
Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from the LAN side of the product.
nvd
CVE-2025-27574P4LOWCVSS 3.6vVer 002.002.003 and earlier2025-03-28
CVE-2025-27574 [LOW] CWE-79 CVE-2025-27574: Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM V
Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from the LAN side of the product.
nvd
CVE-2025-27726P4LOWCVSS 2.1vVer 002.002.003 and earlier2025-03-28
CVE-2025-27726 [LOW] CWE-22 CVE-2025-27726: Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the f
Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered by a crafted HTTP request to specific functions of the produc
nvd