Vulnerability Description
A vulnerability was determined in Shiguangwu sgwbox N3 2.0.25. This affects an unknown function of the component SHARESERVER Feature. This manipulation of the argument params causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sgwbox | N3 Firmware | <= 2.0.25 |
| Sgwbox | N3 | - |
Related Weaknesses (CWE)
References
- https://vuldb.com/?ctiid.336422Permissions RequiredVDB Entry
- https://vuldb.com/?id.336422Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.706974Third Party AdvisoryVDB Entry
- https://www.notion.so/sgwbox-NAS-N3-Command-Injection-2be6cf4e528a80d69da5d6d174ExploitThird Party Advisory
FAQ
What is CVE-2025-14705?
CVE-2025-14705 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability was determined in Shiguangwu sgwbox N3 2.0.25. This affects an unknown function of the component SHARESERVER Feature. This manipulation of the argument params causes command injection....
How severe is CVE-2025-14705?
CVE-2025-14705 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-14705?
Check the references section above for vendor advisories and patch information. Affected products include: Sgwbox N3 Firmware, Sgwbox N3.