Vulnerability Description
A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown function of the file /eshell of the component API. The manipulation results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sgwbox | N3 Firmware | <= 2.0.25 |
| Sgwbox | N3 | - |
Related Weaknesses (CWE)
References
- https://vuldb.com/?ctiid.336421Permissions RequiredVDB Entry
- https://vuldb.com/?id.336421Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.706915Third Party AdvisoryVDB Entry
- https://www.notion.so/sgwbox-NAS-N3-Directory-Traversal-2be6cf4e528a802a9c0ad6f0ExploitThird Party Advisory
FAQ
What is CVE-2025-14704?
CVE-2025-14704 is a vulnerability with a CVSS score of 7.3 (HIGH). A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown function of the file /eshell of the component API. The manipulation results in path traversal. It is possib...
How severe is CVE-2025-14704?
CVE-2025-14704 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-14704?
Check the references section above for vendor advisories and patch information. Affected products include: Sgwbox N3 Firmware, Sgwbox N3.