CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27932
https://notcve.org/view.php?id=CVE-2025-27932
28 Mar 2025 — Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file deletion process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an attacker may delete a file on the device or cause a denial of service (DoS) condition. • https://jvn.jp/en/jp/JVN04278547 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27726
https://notcve.org/view.php?id=CVE-2025-27726
28 Mar 2025 — Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered by a crafted HTTP request to specific functions of the product from a device connected to the LAN side. • https://jvn.jp/en/jp/JVN04278547 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27718
https://notcve.org/view.php?id=CVE-2025-27718
28 Mar 2025 — Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered or arbitrary code may be executed by a crafted HTTP request to specific functions of the product from a device connected to the LAN side. • https://jvn.jp/en/jp/JVN04278547 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27716
https://notcve.org/view.php?id=CVE-2025-27716
28 Mar 2025 — Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file/folder listing process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered by a crafted HTTP request to specific functions of the product from a device connected to the LAN side. • https://jvn.jp/en/jp/JVN04278547 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27574
https://notcve.org/view.php?id=CVE-2025-27574
28 Mar 2025 — Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from the LAN side of the product. • https://jvn.jp/en/jp/JVN04278547 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27567
https://notcve.org/view.php?id=CVE-2025-27567
28 Mar 2025 — Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from the LAN side of the product. • https://jvn.jp/en/jp/JVN04278547 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21865
https://notcve.org/view.php?id=CVE-2024-21865
25 Mar 2024 — HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell. HGW BL1500HM Ver 002.001.013 y anteriores contienen un problema de uso de credenciales semanales. Un atacante no autenticado adyacente a la red puede conectarse al producto a través de SSH y utilizar un shell. • https://jvn.jp/en/vu/JVNVU93546510 • CWE-521: Weak Password Requirements CWE-1391: Use of Weak Credentials •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29071
https://notcve.org/view.php?id=CVE-2024-29071
25 Mar 2024 — HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings. HGW BL1500HM Ver 002.001.013 y anteriores contienen un problema de uso de credenciales semanales. Un atacante no autenticado adyacente a la red puede cambiar la configuración del sistema. • https://jvn.jp/en/vu/JVNVU93546510 • CWE-522: Insufficiently Protected Credentials CWE-1391: Use of Weak Credentials •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-28041
https://notcve.org/view.php?id=CVE-2024-28041
25 Mar 2024 — HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command. HGW BL1500HM Ver 002.001.013 y anteriores permiten que un atacante no autenticado adyacente a la red ejecute un comando arbitrario. • https://jvn.jp/en/vu/JVNVU93546510 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •