CVE-2025-14708

CriticalPublic PoC

Published: 15 December 2025

Published

15 December 2025

Modified

09 January 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0042 62.3th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

A weakness has been identified in Shiguangwu sgwbox N3 2.0.25. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/http_eshell_server of the component WIREDCFGGET Interface. Executing manipulation of the argument params can lead to buffer overflow. The attack…

may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly validates the 'params' argument in the WIREDCFGGET interface to prevent buffer overflow exploitation from malformed inputs.

SI-16 Memory Protection good match

prevent

Implements memory protections such as ASLR, stack canaries, and DEP to mitigate arbitrary code execution resulting from the buffer overflow vulnerability.

SC-7 Boundary Protection good match

prevent

Enforces boundary protection to monitor and control remote network access to the vulnerable /usr/sbin/http_eshell_server, blocking unauthenticated exploitation attempts.

Security SummaryAI

CVE-2025-14708 is a buffer overflow vulnerability (CWE-119, CWE-120) in Shiguangwu sgwbox N3 version 2.0.25. The flaw affects an unknown functionality in the /usr/sbin/http_eshell_server file of the WIREDCFGGET Interface, where manipulation of the "params" argument triggers the overflow. Published on 2025-12-15, it carries a CVSS v3.1 base score of 9.8, reflecting its critical severity.

Attackers can exploit this vulnerability remotely over the network without authentication, privileges, or user interaction (AV:N/AC:L/PR:N/UI:N/S:U). Successful exploitation grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing arbitrary code execution. A public exploit is available, increasing the risk of widespread abuse.

VulDB advisories, which serve as the primary disclosure sources, detail the issue but note that the vendor was contacted early without any response, implying no patches or official mitigations are available. Additional references include VulDB submission pages and a Notion document summarizing the sgwbox NAS N3 buffer overflow.

Details

CWE(s): CWE-119 CWE-120

Affected Products

sgwbox

n3 firmware

≤ 2.0.25

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Buffer overflow in public-facing HTTP service (http_eshell_server, WIREDCFGGET interface) allows remote unauthenticated arbitrary code execution, directly mapping to exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://vuldb.com/?ctiid.336425
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.336425
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.706977
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.notion.so/sgwbox-NAS-N3-Buffer-Overflow-2be6cf4e528a808b9f71fe434929c73b?source=copy_link
Exploit, Third Party Advisory · cna@vuldb.com