CVE 9.3 CRITICAL

Shiguangwu sgwbox N3 NETREBOOT http_eshell_server command injection_CVE-2025-14706

December 15, 2025 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in Shiguangwu sgwbox N3 2.0.25. This impacts an unknown function of the file /usr/sbin/http_eshell_server of the component NETREBOOT Interface. Such manipulation leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI Analysis

Command injection vulnerability in Shiguangwu sgwbox N3 2.0.25 via the NETREBOOT Interface, allowing remote attackers to execute arbitrary commands.

Basic Information

ID CVE-2025-14706

Source VulDB

Published Dec 15, 2025 at 05:32

Affected Product

Vendor Shiguangwu

Product sgwbox N3

Version 2.0.25

Affected Versions Shiguangwu sgwbox N3 2.0.25

CWE Classification

CWE-77 CWE-74

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Shiguangwu

Product sgwbox N3

Version 2.0.25

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in Shiguangwu sgwbox N3 2.0.25. This impacts an unknown function of the file /usr/sbin/http_eshell_server of the component NETREBOOT Interface. Such manipulation leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-12-15T05:32:05.553Z",
    "modified": "2025-12-15T05:32:05.553Z",
    "type": "cve",
    "title": "Shiguangwu sgwbox N3 NETREBOOT http_eshell_server command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.336423\nhttps://vuldb.com/?ctiid.336423\nhttps://vuldb.com/?submit.706975\nhttps://www.notion.so/sgwbox-NAS-N3-Command-Injection-2be6cf4e528a807cb619f9d2e1bcda20?source=copy_link",
    "id": "CVE-2025-14706",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Shiguangwu sgwbox N3 2.0.25",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "sgwbox N3",
    "version": "2.0.25",
    "vendor": "Shiguangwu",
    "ai_description": "Command injection vulnerability in Shiguangwu sgwbox N3 2.0.25 via the NETREBOOT Interface, allowing remote attackers to execute arbitrary commands.",
    "ai_severity": "Critical",
    "ai_vendor": "Shiguangwu",
    "ai_product": "sgwbox N3",
    "ai_version": "2.0.25",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply