Path Traversal Vulnerability in USB Storage Function of HGW-BL1500HM
CVE-2025-27932

8.1HIGH

Key Information:

Vendor: Kddi Corporation
Status: Hgw-bl1500hm
Vendor: CVE Published:; 28 March 2025

🔔 Create Kddi Corporation Vulnerability Alert

What is CVE-2025-27932?

A path traversal vulnerability exists in the USB storage file-sharing functionality of the HGW-BL1500HM device, which allows unauthorized manipulation of file paths. This can enable attackers to delete files on the device or trigger a denial-of-service (DoS) scenario, potentially disrupting normal operations and leading to significant data loss or unavailability.

Affected Version(s)

HGW-BL1500HM Ver 002.002.003 and earlier

References

https://kddi-tech.com/contents/appendix_L2_06.html#64433e...

https://jvn.jp/en/jp/JVN04278547/

CVSS V3.0

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 28, 2025
Vulnerability Reserved
Mar 11, 2025

CVE-2025-27932 Data

JSON