A critical command injection vulnerability, identified as CVE-2025-14706, affects Shiguangwu sgwbox products. This flaw allows a remote, unauthenticated attacker to execute arbitrary commands on the device, leading to a complete system compromise. Given the vulnerability's critical severity (CVSS 9.8) and the public availability of an exploit, immediate action is required to prevent potential data theft, service disruption, and further network intrusion.

This is a command injection vulnerability within the NETREBOOT Interface component, specifically in the /usr/sbin/http_eshell_server binary. A remote attacker can send specially crafted data to an exposed function on this interface. The system fails to properly sanitize this input before executing it as a system command, allowing the attacker to inject and run arbitrary commands with the privileges of the web service, which could be root-level. Successful exploitation results in a full takeover of the affected device.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation would grant an attacker complete control over the affected device. This could lead to severe business consequences, including the exfiltration of sensitive configuration data, installation of persistent malware or ransomware, and disruption of critical network services. The compromised device could also be used as a pivot point to launch further attacks against the internal network, escalating the scope of the breach and potentially leading to significant financial loss, operational downtime, and reputational damage.

Immediate Action: Update A vulnerability was identified in Shiguangwu sgwbox Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.

Proactive Monitoring: Security teams should actively monitor for signs of compromise. Check web server access logs for unusual requests targeting the /usr/sbin/http_eshell_server file or NETREBOOT interface. Monitor for unexpected outbound network connections, suspicious running processes, or the creation of unauthorized files and user accounts on affected devices.

Compensating Controls: If patching is not immediately feasible, implement compensating controls. Restrict network access to the device's management interface to a limited set of trusted IP addresses using firewall rules. If the NETREBOOT interface is not essential for business operations, consider disabling it entirely. Deploying an Intrusion Prevention System (IPS) or a Web Application Firewall (WAF) with rules to detect and block command injection patterns can provide an additional layer of defense.

Public Exploit Available: true

Given the critical severity (CVSS 9.8), remote exploitability, and the existence of a public exploit, this vulnerability poses an immediate and significant threat. Organizations must prioritize the remediation of affected Shiguangwu sgwbox devices. The primary course of action is to apply the vendor's patch immediately. If a patch is unavailable due to the vendor's non-responsiveness, the compensating controls listed above, particularly network segmentation and access restriction, must be implemented without delay to reduce the attack surface.