What is the severity of CVE-2025-27726?

The severity of CVE-2025-27726 is considered to be high due to the potential unauthorized access to files and alteration of data.

How do I fix CVE-2025-27726?

To fix CVE-2025-27726, upgrade your HGW-BL1500HM device to version 002.002.004 or later where the vulnerability is addressed.

What does CVE-2025-27726 affect?

CVE-2025-27726 affects the file download process of the USB storage file-sharing function on HGW-BL1500HM devices running version 002.002.003 or earlier.

What type of vulnerability is CVE-2025-27726?

CVE-2025-27726 is classified as a Path Traversal vulnerability that allows attackers to access and potentially alter files outside of the intended directory.

Can CVE-2025-27726 be exploited remotely?

Yes, CVE-2025-27726 can be exploited remotely if the attacker has access to the USB storage file-sharing function of the affected device.

Vulnerability/
CVE-2025-27726

low

2.1

CWE

EPSS

0.076%

28/3/2025

CVE-2025-27726: Path Traversal

First published: Fri Mar 28 2025(Updated: )

Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in the file download process of the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, the product's files may be obtained and/or altered by a crafted HTTP request to specific functions of the product from a device connected to the LAN side.

Credit: vultures@jpcert.or.jp

Affected Software	Affected Version	How to fix
HGW HGW-BL1500HM	<002.002.003

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-27726?
The severity of CVE-2025-27726 is considered to be high due to the potential unauthorized access to files and alteration of data.
How do I fix CVE-2025-27726?
To fix CVE-2025-27726, upgrade your HGW-BL1500HM device to version 002.002.004 or later where the vulnerability is addressed.
What does CVE-2025-27726 affect?
CVE-2025-27726 affects the file download process of the USB storage file-sharing function on HGW-BL1500HM devices running version 002.002.003 or earlier.
What type of vulnerability is CVE-2025-27726?
CVE-2025-27726 is classified as a Path Traversal vulnerability that allows attackers to access and potentially alter files outside of the intended directory.
Can CVE-2025-27726 be exploited remotely?
Yes, CVE-2025-27726 can be exploited remotely if the attacker has access to the USB storage file-sharing function of the affected device.

collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/references
agent/weakness
agent/type
agent/description
agent/first-publish-date
agent/last-modified-date
agent/severity
agent/author
agent/event
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
collector/epss-latest
source/FIRST
agent/source
agent/tags
agent/epss
vendor/hgw
canonical/hgw hgw-bl1500hm

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.