CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27932
https://notcve.org/view.php?id=CVE-2025-27932
28 Mar 2025 — Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file deletion process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an attacker may delete a file on the device or cause a denial of service (DoS) condition. • https://jvn.jp/en/jp/JVN04278547 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27726
https://notcve.org/view.php?id=CVE-2025-27726
28 Mar 2025 — Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered by a crafted HTTP request to specific functions of the product from a device connected to the LAN side. • https://jvn.jp/en/jp/JVN04278547 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27718
https://notcve.org/view.php?id=CVE-2025-27718
28 Mar 2025 — Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file upload process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered or arbitrary code may be executed by a crafted HTTP request to specific functions of the product from a device connected to the LAN side. • https://jvn.jp/en/jp/JVN04278547 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27716
https://notcve.org/view.php?id=CVE-2025-27716
28 Mar 2025 — Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file/folder listing process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered by a crafted HTTP request to specific functions of the product from a device connected to the LAN side. • https://jvn.jp/en/jp/JVN04278547 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 3.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27574
https://notcve.org/view.php?id=CVE-2025-27574
28 Mar 2025 — Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from the LAN side of the product. • https://jvn.jp/en/jp/JVN04278547 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27567
https://notcve.org/view.php?id=CVE-2025-27567
28 Mar 2025 — Cross-site scripting vulnerability exists in the NickName registration screen of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from the LAN side of the product. • https://jvn.jp/en/jp/JVN04278547 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •