CVE-2025-27726

Name of the Vulnerable Software and Affected Versions HGW-BL1500HM versions 002.002.003 and earlier

Description A Path Traversal issue exists in the file download process of the USB storage file-sharing function. This issue allows for improper limitation of a pathname to a restricted directory. If exploited, the product's files may be obtained and/or altered by a crafted HTTP request to specific functions of the product from a device connected to the LAN side.

Recommendations For HGW-BL1500HM versions 002.002.003 and earlier, consider disabling the USB storage file-sharing function until a patch is available to prevent potential exploitation. Restrict access to the LAN side to minimize the risk of exploitation. Avoid using the file download process of the USB storage file-sharing function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.