Vulnerability-Lookup - Search a vulnerability

Refine your search

Product

Sort by

Order

Sources

1 vulnerability found for by JD

CVE-2025-15081 (GCVE-0-2025-15081)

Vulnerability from cvelistv5

Published

2025-12-25 15:02

Modified

2025-12-25 15:02

Severity ?

2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R

CWE

CWE-77 - Command Injection
CWE-74 - Injection

Summary

A vulnerability has been found in JD Cloud BE6500 4.4.1.r4308. This issue affects the function sub_4780 of the file /jdcapi. Such manipulation of the argument ddns_name leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

URL

Tags

	https://vuldb.com/?id.338409	vdb-entry, technical-description
	https://vuldb.com/?ctiid.338409	signature, permissions-required
	https://vuldb.com/?submit.707276	third-party-advisory
	https://gist.github.com/isstabber/4ed3554130681e50b3e987c3c4ee1f29	exploit

Impacted products

	Vendor	Product	Version
	JD	Cloud BE6500	Version: 4.4.1.r4308

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "Cloud BE6500",
          "vendor": "JD",
          "versions": [
            {
              "status": "affected",
              "version": "4.4.1.r4308"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Sta8r9 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in JD Cloud BE6500 4.4.1.r4308. This issue affects the function sub_4780 of the file /jdcapi. Such manipulation of the argument ddns_name leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-25T15:02:06.546Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-338409 | JD Cloud BE6500 jdcapi sub_4780 command injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.338409"
        },
        {
          "name": "VDB-338409 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.338409"
        },
        {
          "name": "Submit #707276 | JD cloud \u4eac\u4e1c\u4e91 JD Cloud BE6500 4.4.1.r4308 Command Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.707276"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gist.github.com/isstabber/4ed3554130681e50b3e987c3c4ee1f29"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-25T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-12-25T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-12-25T10:34:13.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "JD Cloud BE6500 jdcapi sub_4780 command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-15081",
    "datePublished": "2025-12-25T15:02:06.546Z",
    "dateReserved": "2025-12-25T09:29:08.682Z",
    "dateUpdated": "2025-12-25T15:02:06.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}