Vulnerability Description
A security flaw has been discovered in Shiguangwu sgwbox N3 2.0.25. It affects an unknown function of the file /usr/sbin/http_eshell_server in the DOCKER Feature component. Manipulating the argument params results in command injection. The attack can be initiated remotely. An exploit has been released publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sgwbox | N3 Firmware | <= 2.0.25 |
| Sgwbox | N3 | - |
Related Weaknesses (CWE)
References
- https://vuldb.com/?ctiid.336424 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.336424 (Third Party Advisory, VDB Entry)
- https://vuldb.com/?submit.706976 (Third Party Advisory, VDB Entry)
- https://www.notion.so/sgwbox-NAS-N3-Command-Injection-2be6cf4e528a805f9b94f7b879 (Exploit, Third Party Advisory)
FAQ
What is CVE-2025-14707?
CVE-2025-14707 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A security flaw has been discovered in Shiguangwu sgwbox N3 2.0.25. Affected is an unknown function of the file /usr/sbin/http_eshell_server of the component DOCKER Feature. Performing manipulation of...
How severe is CVE-2025-14707?
CVE-2025-14707 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-14707?
Check the references section above for vendor advisories and patch information. Affected products include: Sgwbox N3 Firmware, Sgwbox N3.