Shiguangwu sgwbox N3 Improper Authentication Vulnerability in POST Message Handler

Vulnerability

An improper authentication vulnerability has been identified in Shiguangwu sgwbox N3 version 2.0.25. The issue arises in an unknown function of the file '/fsnotify' within the POST Message Handler component. Manipulating the 'token' argument leads to inadequate authentication, allowing remote exploitation. This vulnerability has been publicly disclosed, and the vendor was notified but did not respond.

Impact

Exploitation of this vulnerability bypasses authentication, potentially allowing unauthorized users to access internal information, manipulate the NAS device, and execute specific commands.

Added: Dec 15, 2025, 4:18 AM

Updated: Dec 15, 2025, 4:18 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

1.5

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

1.5

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Shiguangwu sgwbox N3 Improper Authentication Vulnerability in POST Message Handler

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating