Vulnerability Description
A weakness has been identified in Shiguangwu sgwbox N3 2.0.25. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/http_eshell_server of the component WIREDCFGGET Interface. Executing manipulation of the argument params can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sgwbox | N3 Firmware | <= 2.0.25 |
| Sgwbox | N3 | - |
Related Weaknesses (CWE)
References
- https://vuldb.com/?ctiid.336425Permissions RequiredVDB Entry
- https://vuldb.com/?id.336425Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.706977Third Party AdvisoryVDB Entry
- https://www.notion.so/sgwbox-NAS-N3-Buffer-Overflow-2be6cf4e528a808b9f71fe434929ExploitThird Party Advisory
FAQ
What is CVE-2025-14708?
CVE-2025-14708 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A weakness has been identified in Shiguangwu sgwbox N3 2.0.25. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/http_eshell_server of the component WIREDCFGGET Interfac...
How severe is CVE-2025-14708?
CVE-2025-14708 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-14708?
Check the references section above for vendor advisories and patch information. Affected products include: Sgwbox N3 Firmware, Sgwbox N3.