CVE 9.3 CRITICAL

Shiguangwu sgwbox N3 SHARESERVER Feature command injection_CVE-2025-14705

December 15, 2025 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in Shiguangwu sgwbox N3 2.0.25. This affects an unknown function of the component SHARESERVER Feature. This manipulation of the argument params causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

AI Analysis

Command injection vulnerability in the SHARESERVER Feature of Shiguangwu sgwbox N3 2.0.25, allowing remote attackers to execute arbitrary commands.

Basic Information

ID CVE-2025-14705

Source VulDB

Published Dec 15, 2025 at 05:02

Affected Product

Vendor Shiguangwu

Product sgwbox N3

Version 2.0.25

Affected Versions Shiguangwu sgwbox N3 2.0.25

CWE Classification

CWE-77 CWE-74

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Shiguangwu

Product sgwbox N3

Version 2.0.25

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in Shiguangwu sgwbox N3 2.0.25. This affects an unknown function of the component SHARESERVER Feature. This manipulation of the argument params causes command injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-12-15T05:02:06.394Z",
    "modified": "2025-12-15T05:02:06.394Z",
    "type": "cve",
    "title": "Shiguangwu sgwbox N3 SHARESERVER Feature command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.336422\nhttps://vuldb.com/?ctiid.336422\nhttps://vuldb.com/?submit.706974\nhttps://www.notion.so/sgwbox-NAS-N3-Command-Injection-2be6cf4e528a80d69da5d6d17456a183?source=copy_link",
    "id": "CVE-2025-14705",
    "bulletinFamily": "",
    "cwe": [
        "CWE-77",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "Shiguangwu sgwbox N3 2.0.25",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "sgwbox N3",
    "version": "2.0.25",
    "vendor": "Shiguangwu",
    "ai_description": "Command injection vulnerability in the SHARESERVER Feature of Shiguangwu sgwbox N3 2.0.25, allowing remote attackers to execute arbitrary commands.",
    "ai_severity": "Critical",
    "ai_vendor": "Shiguangwu",
    "ai_product": "sgwbox N3",
    "ai_version": "2.0.25",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply