CVE-2025-14183

Description

A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET_FACTORY_INFO/GET_USER_INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3.1 Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Weakness Type (CWE)

CWE-255 CWE-255

CWE-256 CWE-256

References

Other References

https://vuldb.com/?ctiid.334603 https://vuldb.com/?id.334603 https://vuldb.com/?submit.698566 https://vuldb.com/?submit.698567 https://www.notion.so/2b16cf4e528a8000b30bd543247fa1bd https://www.notion.so/2b16cf4e528a80859264db63f2340d7a

Frequently Asked Questions

What is CVE-2025-14183? +

A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET_FACTORY_INFO/GET_USER_INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. It has a CVSS v3.1 base score of 4.3 (MEDIUM).

How severe is CVE-2025-14183? +

CVE-2025-14183 has a CVSS v3.1 score of 4.3 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.

How do I check if I'm vulnerable to CVE-2025-14183? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2021-37000 7.7

Some Huawei wearables have a permission management vulnerability.

CVE-2025-11284 7.3

A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an …

CVE-2025-11649 7.0

A vulnerability was found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the …

CVE-2025-11666 6.7

A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file …

CVE-2025-13187 5.3

A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such …

CVE-2025-13221 5.3

A weakness has been identified in Intelbras UnniTI 24.07.11. The affected element is an unknown function of the file /xml/sistema/usuarios.xml. …