Shiyufan_Binyuan

#10487of 53,633
26.4Total CVSS
Vulnerabilities · 3
High
3
PT-2026-8352
8.8
2026-02-16
Jingdong · Jd Cloud Box Ax6600 · CVE-2026-2561
**Name of the Vulnerable Software and Affected Versions** JingDong JD Cloud Box AX6600 versions through 4.5.1.r4533 **Description** A flaw exists in JingDong JD Cloud Box AX6600 that allows for remote privilege escalation. The issue is located within the `jdcweb rpc` component, specifically in the `web get ddns uptime` function of the `/jdcapi` file. Successful manipulation of this function can lead to unauthorized privilege escalation. The exploit for this issue has been publicly released. The vendor was notified but did not provide a response. **Recommendations** Versions prior to 4.5.1.r4533 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-8353
8.8
2026-02-16
Jingdong · Jd Cloud Box Ax6600 · CVE-2026-2562
**Name of the Vulnerable Software and Affected Versions** JingDong JD Cloud Box AX6600 versions through 4.5.1.r4533 **Description** A flaw exists in JingDong JD Cloud Box AX6600. The issue is related to the `cast streen` function within the `jdcweb rpc` component, specifically in the file `/jdcapi`. Manipulation of the `File` argument can lead to Remote Privilege Escalation. The attack can be carried out remotely. The exploit for this issue has been publicly disclosed. **Recommendations** Versions prior to 4.5.1.r4533 should be updated.
PT-2026-8357
8.8
2026-02-16
Jingdong · Jd Cloud Box Ax6600 · CVE-2026-2563
**Name of the Vulnerable Software and Affected Versions** JingDong JD Cloud Box AX6600 versions prior to 4.5.1.r4533 **Description** A flaw exists in JingDong JD Cloud Box AX6600 that could allow for remote privilege escalation. The issue resides within the `jdcapp rpc` component, specifically in the `/f/service/controlDevice` file and the `set stcreenen deabled status/get status` function. The attack can be initiated remotely, and a publicly available exploit exists. The vendor was informed of this issue but did not provide a response. **Recommendations** Versions prior to 4.5.1.r4533 should be updated. As a temporary workaround, consider restricting access to the `jdcapp rpc` component to minimize the risk of exploitation. Avoid using the `set stcreenen deabled status/get status` function until the issue is resolved.