PT-2026-8352 · Jingdong · Jd Cloud Box Ax6600
Shiyufan_Binyuan
·
Published
2026-02-16
·
Updated
2026-02-16
·
CVE-2026-2561
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
JingDong JD Cloud Box AX6600 versions through 4.5.1.r4533
Description
A flaw exists in JingDong JD Cloud Box AX6600 that allows for remote privilege escalation. The issue is located within the
jdcweb rpc component, specifically in the web get ddns uptime function of the /jdcapi file. Successful manipulation of this function can lead to unauthorized privilege escalation. The exploit for this issue has been publicly released. The vendor was notified but did not provide a response.Recommendations
Versions prior to 4.5.1.r4533 are affected.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Privilege Management
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Jd Cloud Box Ax6600