CVE-2025-14708

9.8 CRITICAL

📋 TL;DR

A remote buffer overflow vulnerability exists in Shiguangwu sgwbox N3 devices running version 2.0.25, reachable through the WIREDCFGGET interface of the http_eshell_server component. An unauthenticated attacker who sends a specially crafted request to that component can crash the device or execute arbitrary code. This affects all users running the vulnerable version of sgwbox N3 NAS devices.

💻 Affected Systems

Products:
  • Shiguangwu sgwbox N3
Versions: 2.0.25
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is in the http_eshell_server component which appears to be enabled by default. No special configuration is required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with remote code execution, allowing attackers to install malware, steal data, or use the device as part of a botnet.

🟠 Likely Case

Remote code execution leading to device takeover, data theft, or denial of service through system crashes.

🟢 If Mitigated

Denial of service through system crashes if mitigations prevent code execution but crafted requests still reach the vulnerable interface.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit is publicly available and the vulnerability requires no authentication, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available. The vendor has not responded to disclosure attempts. Consider workarounds or replacement.

🔧 Temporary Workarounds

Block WIREDCFGGET Interface Access

Use firewall rules to block access to the vulnerable interface on port 80/443. Note that these rules drop all HTTP and HTTPS traffic to the device, so web administration is cut off as well, and they do not persist across a reboot unless saved with the device's firewall tooling.

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

Disable http_eshell_server Service

Stop and disable the vulnerable service if it is not required. The commands below assume a systemd-based init; if systemctl is not available on the device, confirm the running process with ps and stop it through the device's own init system.

systemctl stop http_eshell_server
systemctl disable http_eshell_server

🧯 If You Can't Patch

  • Isolate the device on a separate network segment with strict firewall rules
  • Implement network-based intrusion detection to monitor for exploit attempts

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version via the web admin panel or over SSH (cat /etc/version); version 2.0.25 is affected.

Check Version:

cat /etc/version || grep -i version /etc/*release

Verify Fix Applied:

Verify service is stopped: systemctl status http_eshell_server should show inactive

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP requests handled by the http_eshell_server process (/usr/sbin/http_eshell_server), particularly requests to the WIREDCFGGET interface with oversized parameters
  • Segmentation fault or crash logs from http_eshell_server

Network Indicators:

  • Unusually large or malformed HTTP requests to the device on port 80/443, particularly those targeting the WIREDCFGGET interface

SIEM Query:

source="sgwbox" AND (event="segmentation fault" OR event="buffer overflow")
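
The two log indicators above, turned into a small detector run over constructed sample lines. This is an added example, not code from the advisory or the vendor: the log field layout, the request path, the parameter name and the 256-byte length threshold are assumptions, only the WIREDCFGGET interface name and the http_eshell_server crash signature come from the advisory.

```python
import re

# Thresholds and patterns are assumptions for this example, not vendor-published
# signatures: the advisory names only the WIREDCFGGET interface and crashes of
# http_eshell_server, so the detector keys on exactly those two things.
MAX_TARGET_LEN = 256   # request targets longer than this are treated as suspicious
CRASH_RE = re.compile(r"http_eshell_server.*(segfault|segmentation fault)", re.IGNORECASE)
REQUEST_RE = re.compile(r'"?(GET|POST)\s+(?P<target>\S+)\s+HTTP/\d\.\d')

def classify_line(line):
    """Return a finding label for one log line, or None if it is benign."""
    if CRASH_RE.search(line):
        return "crash"
    m = REQUEST_RE.search(line)
    if m and "WIREDCFGGET" in m.group("target"):
        if len(m.group("target")) > MAX_TARGET_LEN:
            return "oversized_wiredcfgget_request"
        return "wiredcfgget_request"   # worth counting, not alarming by itself
    return None

def scan_logs(lines):
    """Map each finding label to the 1-based line numbers that produced it."""
    findings = {}
    for n, line in enumerate(lines, start=1):
        label = classify_line(line)
        if label:
            findings.setdefault(label, []).append(n)
    return findings

# Constructed sample log lines (not captured from a real device); the request
# path and parameter name are placeholders, only WIREDCFGGET comes from the advisory.
SAMPLE_LOGS = [
    'Jan 10 12:00:01 sgwbox httpd: 192.0.2.10 "GET /WIREDCFGGET?ifname=eth0 HTTP/1.1" 200',
    'Jan 10 12:00:05 sgwbox httpd: 198.51.100.7 "GET /WIREDCFGGET?ifname=' + "A" * 600 + ' HTTP/1.1" 500',
    "Jan 10 12:00:05 sgwbox kernel: http_eshell_server[1337]: segfault at 41414141 ip 41414141 sp 7fff0000 error 4",
    'Jan 10 12:00:09 sgwbox httpd: 192.0.2.10 "GET /index.html HTTP/1.1" 200',
]

if __name__ == "__main__":
    for label, hits in scan_logs(SAMPLE_LOGS).items():
        print(f"{label}: lines {hits}")
```

A crash finding that follows an oversized WIREDCFGGET request from the same source within a few seconds is the pattern worth alerting on; a lone benign WIREDCFGGET request is normal device management traffic.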
