CVE-2025-14708
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-15

Last updated on: 2025-12-23

Assigner: VulDB

Description
A weakness has been identified in Shiguangwu sgwbox N3 2.0.25. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/http_eshell_server of the component WIREDCFGGET Interface. Executing manipulation of the argument params can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-15
Last Modified
2025-12-23
Generated
2026-06-16
AI Q&A
2025-12-15
EPSS Evaluated
2026-06-14
NVD
CVE-2025-14708
EUVD
EUVD-2025-203342
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sgwbox n3_nas to 2.0.25 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-14708 is a critical buffer overflow vulnerability in Shiguangwu sgwbox N3 version 2.0.25. It occurs in the WIREDCFGGET interface within the file /usr/sbin/http_eshell_server due to improper handling of the 'params' argument. Specifically, input data is copied from an input buffer to an output buffer without verifying that the input size is smaller than the output buffer size, leading to a buffer overflow. This flaw can be exploited remotely without authentication by sending specially crafted inputs, causing a service crash or denial-of-service condition on the affected NAS device. [1, 2]

Impact Analysis

This vulnerability can lead to a remote denial-of-service (DoS) condition by crashing the service on the affected NAS device. It impacts the confidentiality, integrity, and availability of the system, making it highly critical. Since it can be exploited remotely without authentication, attackers can disrupt services or potentially leverage the flaw for further attacks. No patches or mitigations are currently known, increasing the risk to affected users. [1, 2]

Detection Guidance

This vulnerability can be detected by monitoring for unusual or malformed requests sent to the WIREDCFGGET interface on the affected device, specifically targeting the /usr/sbin/http_eshell_server service. Since the exploit involves sending specially crafted inputs to the 'params' argument, network intrusion detection systems (NIDS) can be configured to alert on suspicious traffic patterns or payloads targeting this interface. However, no specific detection commands or signatures are provided in the available resources. [1, 2]

Mitigation Strategies

Immediate mitigation steps include restricting network access to the affected device, especially blocking remote access to the WIREDCFGGET interface or the /usr/sbin/http_eshell_server service. Since no patches or vendor mitigations are currently available, consider isolating or replacing the affected product to prevent exploitation. Monitoring for exploitation attempts and applying network-level protections such as firewalls or intrusion prevention systems is also recommended. [2]

Compliance Impact

The vulnerability impacts the confidentiality, integrity, and availability of the affected system, which could lead to non-compliance with standards and regulations such as GDPR and HIPAA that require protection of sensitive data and system availability. However, no specific compliance implications or regulatory impacts are detailed in the provided resources. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14708. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart