CVE-2025-14708
BaseFortify
Publication date: 2025-12-15
Last updated on: 2025-12-23
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sgwbox | n3_nas | to 2.0.25 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-14708 is a critical buffer overflow vulnerability in Shiguangwu sgwbox N3 version 2.0.25. It occurs in the WIREDCFGGET interface within the file /usr/sbin/http_eshell_server due to improper handling of the 'params' argument. Specifically, input data is copied from an input buffer to an output buffer without verifying that the input size is smaller than the output buffer size, leading to a buffer overflow. This flaw can be exploited remotely without authentication by sending specially crafted inputs, causing a service crash or denial-of-service condition on the affected NAS device. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to a remote denial-of-service (DoS) condition by crashing the service on the affected NAS device. It impacts the confidentiality, integrity, and availability of the system, making it highly critical. Since it can be exploited remotely without authentication, attackers can disrupt services or potentially leverage the flaw for further attacks. No patches or mitigations are currently known, increasing the risk to affected users. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual or malformed requests sent to the WIREDCFGGET interface on the affected device, specifically targeting the /usr/sbin/http_eshell_server service. Since the exploit involves sending specially crafted inputs to the 'params' argument, network intrusion detection systems (NIDS) can be configured to alert on suspicious traffic patterns or payloads targeting this interface. However, no specific detection commands or signatures are provided in the available resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the affected device, especially blocking remote access to the WIREDCFGGET interface or the /usr/sbin/http_eshell_server service. Since no patches or vendor mitigations are currently available, consider isolating or replacing the affected product to prevent exploitation. Monitoring for exploitation attempts and applying network-level protections such as firewalls or intrusion prevention systems is also recommended. [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability impacts the confidentiality, integrity, and availability of the affected system, which could lead to non-compliance with standards and regulations such as GDPR and HIPAA that require protection of sensitive data and system availability. However, no specific compliance implications or regulatory impacts are detailed in the provided resources. [2]