CVE 9.3 CRITICAL

Shiguangwu sgwbox N3 DOCKER Feature http_eshell_server command injection_CVE-2025-14707

December 15, 2025 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in Shiguangwu sgwbox N3 2.0.25. Affected is an unknown function of the file /usr/sbin/http_eshell_server of the component DOCKER Feature. Performing manipulation of the argument params results in command injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

AI Analysis

Command injection vulnerability in Shiguangwu sgwbox N3 DOCKER Feature http_eshell_server

Basic Information

ID CVE-2025-14707

Source VulDB

Published Dec 15, 2025 at 06:02

Affected Product

Vendor Shiguangwu

Product sgwbox N3

Version 2.0.25

Affected Versions Shiguangwu sgwbox N3 2.0.25

CWE Classification

CWE-77 CWE-74

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Shiguangwu

Product sgwbox N3

Version 2.0.25

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in Shiguangwu sgwbox N3 2.0.25. Affected is an unknown function of the file /usr/sbin/http_eshell_server of the component DOCKER Feature. Performing manipulation of the argument params results in command injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-12-15T06:02:06.636Z",
    "modified": "2025-12-15T06:02:06.636Z",
    "type": "cve",
    "title": "Shiguangwu sgwbox N3 DOCKER Feature http_eshell_server command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.336424\nhttps://vuldb.com/?ctiid.336424\nhttps://vuldb.com/?submit.706976\nhttps://www.notion.so/sgwbox-NAS-N3-Command-Injection-2be6cf4e528a805f9b94f7b8799c77a8?source=copy_link",
    "id": "CVE-2025-14707",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Shiguangwu sgwbox N3 2.0.25",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "sgwbox N3",
    "version": "2.0.25",
    "vendor": "Shiguangwu",
    "ai_description": "Command injection vulnerability in Shiguangwu sgwbox N3 DOCKER Feature http_eshell_server",
    "ai_severity": "Critical",
    "ai_vendor": "Shiguangwu",
    "ai_product": "sgwbox N3",
    "ai_version": "2.0.25",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply