CVE-2025-27716
📋 TL;DR
A path traversal vulnerability in the HGW-BL1500HM gateway's USB file-sharing function allows attackers to access or modify files outside intended directories via crafted HTTP requests. This affects devices connected to the LAN side of vulnerable HGW-BL1500HM gateways running firmware version 002.002.003 or earlier.
💻 Affected Systems
- HGW-BL1500HM
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of all files accessible via USB storage, including sensitive data exfiltration, file deletion, or malware injection.
Likely Case
Unauthorized access to shared USB files, potential data theft or corruption of accessible documents/media.
If Mitigated
Limited impact if USB storage contains only non-sensitive files and network access is restricted.
🎯 Exploit Status
Exploitation requires network access to the device's web interface from LAN side.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Later than 002.002.003
Vendor Advisory: https://kddi-tech.com/contents/appendix_L2_06.html#64433e4a-8946-9c06-bddf-91cbfe56c8e5
Restart Required: Yes
Instructions:
1. Access device web interface.
2. Navigate to firmware update section.
3. Upload latest firmware from vendor.
4. Apply update and restart device.
🔧 Temporary Workarounds
- Disable USB file-sharing: turn off the vulnerable USB storage file-sharing function.
- Network segmentation: isolate the HGW-BL1500HM on a separate VLAN with restricted access.
🧯 If You Can't Patch
- Disconnect USB storage devices from affected gateways
- Implement strict network access controls to limit LAN-side access to gateway management interface
🔍 How to Verify
Check if Vulnerable:
Check firmware version in device web interface under System Information
Check Version:
Check via web interface or consult device documentation for CLI commands
Verify Fix Applied:
Confirm firmware version is later than 002.002.003 after update
📡 Detection & Monitoring
Log Indicators:
- Unusual HTTP requests to file-sharing endpoints with path traversal patterns (../ sequences)
Network Indicators:
- HTTP requests to gateway file-sharing URLs from unexpected internal IPs
SIEM Query:
source="gateway_logs" AND (uri="*../*" OR uri="*/..*") AND uri="*/usb/*"
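The log and network indicators above can also be checked offline. The following is an added example, not code from the vendor or from this page's source: it decodes each request URI before testing for a `..` path segment, because a literal `../` wildcard does not match percent-encoded forms when logs keep the raw URI. The access-log line format, the sample lines and the `EXPECTED_SOURCES` list are constructed assumptions; the `/usb/` prefix is taken from the SIEM query above.

```python
import re
from urllib.parse import unquote

# Assumption: gateway logs resemble common access-log lines (source IP first,
# quoted request line later). Adjust the pattern to the real export format.
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')
SHARE_PREFIX = "/usb/"  # file-sharing path, as used in the SIEM query above

def normalize(path, max_rounds=3):
    """Percent-decode repeatedly (catches double encoding), unify slashes."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def scan(lines, expected_sources):
    """Return (source_ip, raw_uri, reason) for suspicious file-sharing requests."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        path = normalize(m["uri"].split("?", 1)[0])
        if SHARE_PREFIX not in path.lower():
            continue
        # Match '..' only as a whole path segment, so names such as
        # 'report..final.pdf' do not raise false positives.
        if ".." in path.split("/"):
            hits.append((m["src"], m["uri"], "traversal"))
        elif m["src"] not in expected_sources:
            hits.append((m["src"], m["uri"], "unexpected-source"))
    return hits

# Constructed sample data, not taken from a real device.
EXPECTED_SOURCES = {"192.168.0.10", "192.168.0.23"}
SAMPLE_LOG = [
    '192.168.0.10 - - [t] "GET /usb/photos/a.jpg HTTP/1.1" 200 1024',
    '192.168.0.23 - - [t] "GET /usb/../../placeholder.txt HTTP/1.1" 200 512',
    '192.168.0.23 - - [t] "GET /usb/%2e%2e/%2e%2e/placeholder.txt HTTP/1.1" 200 512',
    '192.168.0.23 - - [t] "GET /usb/%252e%252e%252fplaceholder.txt HTTP/1.1" 400 0',
    '192.168.0.10 - - [t] "GET /usb/docs/report..final.pdf HTTP/1.1" 200 2048',
    '192.168.0.77 - - [t] "GET /usb/music/track.mp3 HTTP/1.1" 200 4096',
    '192.168.0.10 - - [t] "GET /index.html HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for src, uri, reason in scan(SAMPLE_LOG, EXPECTED_SOURCES):
        print(f"{reason:18} {src:15} {uri}")
```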