Path Traversal Vulnerability in USB Storage Function of HGW-BL1500HM by KDDI
CVE-2025-27716

6.5MEDIUM

Key Information:

Vendor: Kddi Corporation
Status: Hgw-bl1500hm
Vendor: CVE Published:; 28 March 2025

🔔 Create Kddi Corporation Vulnerability Alert

What is CVE-2025-27716?

A path traversal vulnerability exists in the file listing process of the USB storage file-sharing feature in KDDI's HGW-BL1500HM models with version 002.002.003 and earlier. This flaw may allow an unauthorized attacker to access or manipulate files by sending a crafted HTTP request to specific functions from a device linked to the local area network (LAN). It is crucial for users to assess their exposure and mitigate potential risks associated with this vulnerability.

Affected Version(s)

HGW-BL1500HM Ver 002.002.003 and earlier

References

https://kddi-tech.com/contents/appendix_L2_06.html#64433e...

https://jvn.jp/en/jp/JVN04278547/

CVSS V3.0

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 28, 2025
Vulnerability Reserved
Mar 11, 2025

CVE-2025-27716 Data

JSON