CVE-2026-2563

Name of the Vulnerable Software and Affected Versions JingDong JD Cloud Box AX6600 versions prior to 4.5.1.r4533

Description A flaw exists in JingDong JD Cloud Box AX6600 that could allow for remote privilege escalation. The issue resides within the jdcapp rpc component, specifically in the /f/service/controlDevice file and the set stcreenen deabled status/get status function. The attack can be initiated remotely, and a publicly available exploit exists. The vendor was informed of this issue but did not provide a response.

Recommendations Versions prior to 4.5.1.r4533 should be updated. As a temporary workaround, consider restricting access to the jdcapp rpc component to minimize the risk of exploitation. Avoid using the set stcreenen deabled status/get status function until the issue is resolved.