This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: Buffer Overflow in SGWBox N3 NAS. π **Consequences**: Full system compromise. The flaw lies in `/usr/sbin/http_eshell_server` handling `params`. π₯ **Impact**: High (CVSS 9.8).β¦
π **Privileges**: Remote Code Execution (RCE). ποΈ **Access**: No authentication required (PR:N). π **Data**: Full read/write access to the device. π **Control**: Complete takeover of the NAS system.
Q5Is exploitation threshold high? (Auth/Config)
π **Auth**: None Required (PR:N). π **Network**: Network Accessible (AV:N). π― **Complexity**: Low (AC:L). π **Threshold**: **Extremely Low**. Any attacker on the network can exploit this easily.
Q6Is there a public Exp? (PoC/Wild Exploitation)
π’ **Public Exploit**: Yes. π **Reference**: Notion link provided in data. π **Status**: Active exploitation indicators exist (VDB-336425). β‘ **Risk**: Wild exploitation is highly probable given low barrier.
Q7How to self-check? (Features/Scanning)
π **Check**: Scan for SGWBox N3 devices. π **Target**: Look for `/usr/sbin/http_eshell_server`. π‘ **Method**: Send malformed `params` to the service. π οΈ **Tool**: Use existing PoC from the Notion reference.
Q8Is it fixed officially? (Patch/Mitigation)
π‘οΈ **Patch**: Not explicitly mentioned in data. π **Published**: 2025-12-15. β³ **Status**: Likely **Unpatched** or requires vendor update. π **Action**: Contact Shiguangwu support immediately.
Q9What if no patch? (Workaround)
π« **Workaround**: Block network access to the device. π **Isolate**: Disconnect from the internet/public network. 𧱠**Firewall**: Restrict access to trusted IPs only.β¦