Shiguangwu sgwbox N3 Buffer Overflow

CRITICAL (9.8) No Patch
cwe-119cwe-120aenrichauthentication-bypassbuffer-overflowhr-softwareremote-exploitsgwbox-n3shiguangwutoken-forgery

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

Shiguangwu sgwbox N3 is a network management software used for managing and monitoring network devices. The vulnerability discovered in this software allows an attacker to execute arbitrary code on the server by manipulating the "params" argument in the /usr/sbin/http_eshell_server file of the WIREDCFGGET Interface, leading to a buffer overflow. This vulnerability poses a significant risk as it can be exploited remotely without any user interaction or privileges.

Am I affected?

You're affected if you use Shiguangwu sgwbox N3 version 2.0.25. Check with: find / -name "sgwbox_n3*.bin" (Note: This command may not work on all systems, and the exact command to check for the software might vary depending on your environment.)

Affected Products

Shiguangwu / sgwbox N3

How to fix

  1. Upgrade to Shiguangwu sgwbox N3 version 2.0.26 or later from their official website.
  2. Immediate mitigations:
  3. Restrict network access to your sgwbox N3 instance (firewall it from the public internet)
  4. Audit system logs for suspicious activity patterns

References