Shiguangwu Sgwbox N3 Command Injection Vulnerability in NETREBOOT Interface
Vulnerability
A command injection vulnerability has been identified in Shiguangwu Sgwbox N3 version 2.0.25. This issue affects the NETREBOOT interface, specifically an unknown function of the file '/usr/sbin/http_eshell_server'. The vulnerability allows unauthorized remote execution of commands on the affected NAS device by sending a crafted POST request to the command interface. The lack of proper input filtering for dangerous characters enables this exploitation. As a result, an unauthenticated attacker can gain root control over the device.
Impact
Exploitation of this vulnerability allows for unauthorized remote command execution, with root privileges, on the affected NAS device.
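The missing input filtering described above is the root cause, so the sketch below shows the defensive counterpart: an allowlist check on a request field, followed by execution without a shell. It is an added example, not code from the vendor or from the original advisory. The advisory does not name the affected parameter, so the field and the names field_is_safe, run_validated and SAFE_CHARS are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical allowlist for one request field: letters, digits, '.', '_', '-'.
 * Shell metacharacters (; | & $ ` ( ) < > quotes), whitespace and newlines
 * are rejected because they are simply not in the set. */
static const char SAFE_CHARS[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-";

/* True only if s is 1..max_len bytes long, uses SAFE_CHARS exclusively,
 * and does not start with '-' (which a program would parse as an option). */
bool field_is_safe(const char *s, size_t max_len)
{
    if (s == NULL)
        return false;
    size_t n = strlen(s);
    if (n == 0 || n > max_len)
        return false;
    if (s[0] == '-')
        return false;
    return strspn(s, SAFE_CHARS) == n;
}

/* Run prog with a single validated argument. No shell is involved: the value
 * is passed as one argv element, so it is never parsed as command syntax.
 * Returns the child's exit status, or -1 on rejection or failure. */
int run_validated(const char *prog, const char *arg)
{
    if (!field_is_safe(arg, 64))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)prog, (char *)arg, NULL };
        execv(prog, argv);
        _exit(127); /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Validation and shell-free execution are independent layers: either one alone stops a metacharacter in the field from being interpreted as a command, and using both keeps the handler safe if one of them is later weakened.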
