A critical remote command injection vulnerability, identified as CVE-2025-14705, has been discovered in multiple Shiguangwu sgwbox products. This flaw allows a remote, unauthenticated attacker to execute arbitrary commands on an affected device by sending a malicious request to the SHARESERVER feature. Successful exploitation could lead to a complete system compromise, posing a severe risk to data confidentiality, integrity, and availability.

The vulnerability is a command injection flaw within an unspecified function of the SHARESERVER component. An attacker can craft a malicious request manipulating the params argument to include operating system commands. When the application processes this input without proper sanitization, it executes the injected commands with the privileges of the application, which could lead to a full system takeover. The attack is low-complexity and can be initiated remotely without requiring any user authentication.

This vulnerability carries a critical severity rating with a CVSS score of 9.8. Exploitation by a remote attacker could result in the complete compromise of the affected device. Potential consequences include theft of sensitive data, deployment of ransomware or other malware, disruption of critical services, and using the compromised device as a pivot point to launch further attacks against the internal network. The public availability of an exploit significantly increases the likelihood of attack, posing an immediate and severe risk to the organization.

Immediate Action: Update affected Shiguangwu sgwbox products to the latest patched version immediately. If a patch is not yet available, consider the compensating controls listed below as a temporary measure.

Proactive Monitoring: Actively monitor network traffic and device logs for signs of exploitation. Look for unusual requests to the SHARESERVER feature, especially those containing shell metacharacters (e.g., ;, |, &&, $(), `) within the params argument. Review access logs for connections from untrusted IP addresses attempting to interact with this component.

Compensating Controls: If patching is not immediately possible, implement the following controls:

• Use a firewall or network access control lists (ACLs) to restrict access to the device's management interface and SHARESERVER port from untrusted networks.
• Deploy a Web Application Firewall (WAF) or Intrusion Prevention System (IPS) with rules designed to detect and block command injection attempts.
• Isolate the affected device from the internet and critical internal network segments if its functionality allows.

Public Exploit Available: true

Given the critical CVSS score of 9.8, the remote and unauthenticated nature of the attack, and the public availability of an exploit, this vulnerability requires immediate attention. Organizations must prioritize patching affected Shiguangwu sgwbox devices without delay. Although this CVE is not currently on the CISA KEV list, its characteristics make it a likely candidate for widespread exploitation. If a patch is unavailable due to vendor non-responsiveness, the compensating controls outlined above must be implemented as an urgent priority to mitigate the high risk of compromise.