Sgwbox N3 is a network management software used by some organizations for remote access and configuration. This vulnerability allows attackers to execute arbitrary commands on the server by manipulating the NETREBOOT Interface, leading to command injection. The attack can be launched remotely without any user interaction or privileges required.
You're affected if you use Shiguangwu sgwbox N3 version 2.0.25.
Check with: ls /usr/sbin/http_eshell_server (Note: This check command is specific to the affected system and may not work on other systems.)
This is Shiguangwu sgwbox N3, NOT similar products like Netgear or Cisco devices.
Upgrade to version 2.0.26 or later from the vendor's website.
- Immediate mitigations:
- Restrict network access to your sgwbox N3 instance (firewall it from the public internet)
- Audit remote access activity for suspicious patterns