Vulnerability Description
A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST Message Handler. The manipulation of the argument token leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sgwbox | N3 Firmware | <= 2.0.25 |
| Sgwbox | N3 | - |
Related Weaknesses (CWE)
References
- https://vuldb.com/?ctiid.336420Permissions RequiredVDB Entry
- https://vuldb.com/?id.336420Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.706914Third Party AdvisoryVDB Entry
- https://www.notion.so/sgwbox-NAS-N3-Auth-Bypass-2be6cf4e528a8092b261fbc2abc3430cExploitThird Party Advisory
FAQ
What is CVE-2025-14703?
CVE-2025-14703 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST Message Handler. The manipulation of the argument...
How severe is CVE-2025-14703?
CVE-2025-14703 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-14703?
Check the references section above for vendor advisories and patch information. Affected products include: Sgwbox N3 Firmware, Sgwbox N3.