A critical remote code execution vulnerability has been identified in Shiguangwu sgwbox products. This flaw, tracked as CVE-2025-14708 with a CVSS score of 9.8, allows a remote attacker to take complete control of an affected device without authentication. Due to the public availability of an exploit and the vendor's unresponsiveness, this vulnerability poses an immediate and severe risk to organizations using the affected products.

This vulnerability is a buffer overflow within the /usr/sbin/http_eshell_server binary, specifically in the component handling the WIREDCFGGET interface. A remote, unauthenticated attacker can send a specially crafted request with a manipulated params argument to this interface. This manipulation overflows a buffer, allowing the attacker to execute arbitrary code on the device with the privileges of the service, potentially leading to a full system compromise.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could lead to a complete compromise of the affected sgwbox device. A remote attacker could gain full control, enabling them to steal sensitive data, install malware or ransomware, disrupt device operations, or use the compromised system as a pivot point to launch further attacks against the internal network. The lack of vendor response and the public availability of an exploit significantly increase the likelihood of widespread, automated attacks, posing a direct threat to data confidentiality, integrity, and availability.

Immediate Action: The primary recommendation is to update affected Shiguangwu sgwbox products to the latest patched version. However, given the vendor has been unresponsive, a patch may not be available. If a patch cannot be applied, organizations must immediately implement compensating controls.

Proactive Monitoring:

• Monitor network traffic for connections to the http_eshell_server service, specifically looking for anomalous requests to the WIREDCFGGET interface or requests containing overly long params arguments.
• Review system and application logs on the device for any crashes, restarts, or unexpected behavior related to the /usr/sbin/http_eshell_server process.
• Utilize network intrusion detection/prevention systems (IDS/IPS) with signatures designed to detect and block exploitation attempts against this CVE.

Compensating Controls:

• Restrict network access to the device's management interface using a firewall or Access Control Lists (ACLs), allowing connections only from trusted IP addresses or management networks.
• If the WIREDCFGGET interface or the http_eshell_server service is not essential for business operations, disable it.
• Segment the network to isolate affected devices, preventing lateral movement in the event of a compromise.

Public Exploit Available: true

Immediate action is required. This vulnerability represents a clear and present danger to the organization due to its critical severity (CVSS 9.8), remote exploitability, and the confirmed availability of a public exploit. Due to the high probability of active exploitation, organizations must treat this vulnerability with the highest priority. If a patch is not available, the implementation of compensating controls, particularly restricting network access to the vulnerable interface, is mandatory to mitigate the risk of a system compromise.