PT-2025-51195 · Shiguangwu · Sgwbox N3
Rgyue
·
Published
2025-12-15
·
Updated
2025-12-23
·
CVE-2025-14706
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Shiguangwu sgwbox N3 version 2.0.25
Description
A command injection issue exists in the NETREBOOT Interface component of the software. This manipulation can be launched remotely and allows for command execution. The vulnerable file is located at
/usr/sbin/http eshell server, and an unknown function within this file is affected. The vendor was contacted regarding this issue but did not respond.Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the NETREBOOT Interface component until a patch is available. Restrict access to the
/usr/sbin/http eshell server file to minimize the risk of exploitation.Exploit
Fix
Special Elements Injection
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sgwbox N3