PT-2026-8357 · Jingdong · Jd Cloud Box Ax6600
Shiyufan_Binyuan · Published 2026-02-16 · Updated 2026-02-16 · CVE-2026-2563
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
JingDong JD Cloud Box AX6600 versions prior to 4.5.1.r4533
Description
A flaw exists in JingDong JD Cloud Box AX6600 that could allow for remote privilege escalation. The issue resides within the jdcapp rpc component, specifically in the /f/service/controlDevice file and the set stcreenen deabled status/get status function. The attack can be initiated remotely, and a publicly available exploit exists. The vendor was informed of this issue but did not provide a response.
Recommendations
Versions prior to 4.5.1.r4533 should be updated. As a temporary workaround, consider restricting access to the jdcapp rpc component to minimize the risk of exploitation. Avoid using the set stcreenen deabled status/get status function until the issue is resolved.
Exploit
Fix
LPE
Improper Privilege Management
Incorrect Privilege Assignment
Related Identifiers
Affected Products
Jd Cloud Box Ax6600