|
[Japanese]
|
JVNDB-2025-000018
|
Multiple vulnerabilities in home gateway HGW-BL1500HM
|
|
Home gateway HGW-BL1500HM provided by KDDI CORPORATION contains multiple vulnerabilities listed below.
- Stored cross-site scripting in the NickName registration screen (CWE-79) - CVE-2025-27567
- Stored cross-site scripting in the USB storage file-sharing function (CWE-79) - CVE-2025-27574
- Path traversal in the file/folder listing process of the USB storage file-sharing function (CWE-22) - CVE-2025-27716
- Path traversal in the file upload process of the USB storage file-sharing function (CWE-22) - CVE-2025-27718
- Path traversal in the file download process of the USB storage file-sharing function (CWE-22) - CVE-2025-27726
- Path traversal in the file deletion process of the USB storage file-sharing function (CWE-22) - CVE-2025-27932
Huiseong Seo reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 8.8 (High) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
The above CVSS base scores have been assigned for CVE-2025-27718
|
CVSS V3 Severity:
Base Metrics:8.1 (High) [Other]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: High
The above CVSS base scores have been assigned for CVE-2025-27932
|
CVSS V3 Severity:
Base Metrics:6.5 (Medium) [Other]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
The above CVSS base scores have been assigned for CVE-2025-27716
|
CVSS V3 Severity:
Base Metrics:5.4 (Medium) [Other]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
The above CVSS base scores have been assigned for CVE-2025-27567
|
CVSS V3 Severity:
Base Metrics:3.6 (Low) [Other]
- Attack Vector: Physical
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
The above CVSS base scores have been assigned for CVE-2025-27574
|
CVSS V3 Severity:
Base Metrics:2.1 (Low) [Other]
- Attack Vector: Physical
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
The above CVSS base scores have been assigned for CVE-2025-27726
|
|
|
KDDI
- HGW-BL1500HM Ver 002.002.003 and earlier
|
|
|
- An arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only from the LAN side of the product (CVE-2025-27567, CVE-2025-27574)
- The product's files may be obtained and/or altered or arbitrary code may be executed by unauthorized access to specific functions of the product from a device connected to the LAN side (CVE-2025-27716, CVE-2025-27718, CVE-2025-27726)
- An attacker may delete a file on the device or cause a denial of service (DoS) condition (CVE-2025-27932)
|
|
[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
|
|
KDDI Technology
|
|
- Path Traversal(CWE-22) [IPA Evaluation]
- Cross-site Scripting(CWE-79) [IPA Evaluation]
|
|
- CVE-2025-27567
- CVE-2025-27574
- CVE-2025-27716
- CVE-2025-27718
- CVE-2025-27726
- CVE-2025-27932
|
|
- JVN : JVN#04278547
|
|
- [2025/03/19]
Web page was published
|
