Search criteria
3 vulnerabilities by JingDong
CVE-2026-2563 (GCVE-0-2026-2563)
Vulnerability from cvelistv5 – Published: 2026-02-16 15:32 – Updated: 2026-02-17 14:56
VLAI?
Title
JingDong JD Cloud Box AX6600 jdcapp_rpc controlDevice get_status privilege escalation
Summary
A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function set_stcreenen_deabled_status/get_status of the file /f/service/controlDevice of the component jdcapp_rpc. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- Privilege Escalation
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JingDong | JD Cloud Box AX6600 |
Affected:
4.5.1.r4533
|
Credits
ShiyuFan_BinYuan (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2563",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:56:47.791492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:56:54.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"jdcapp_rpc"
],
"product": "JD Cloud Box AX6600",
"vendor": "JingDong",
"versions": [
{
"status": "affected",
"version": "4.5.1.r4533"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ShiyuFan_BinYuan (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function set_stcreenen_deabled_status/get_status of the file /f/service/controlDevice of the component jdcapp_rpc. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-16T15:32:45.758Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-346170 | JingDong JD Cloud Box AX6600 jdcapp_rpc controlDevice get_status privilege escalation",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.346170"
},
{
"name": "VDB-346170 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.346170"
},
{
"name": "Submit #750987 | JingDong Cloud NAS Router AX6600 (4.5.1.r4533 and earlier) Remote Command Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.750987"
},
{
"name": "Submit #750992 | JingDong Cloud NAS Router AX6600 (4.5.1.r4533 and earlier) Remote Command Execution (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.750992"
},
{
"tags": [
"exploit"
],
"url": "https://my.feishu.cn/wiki/T3pjwxZtYiU4Gfkl6iUc3CzVnRe"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-15T20:22:21.000Z",
"value": "VulDB entry last update"
}
],
"title": "JingDong JD Cloud Box AX6600 jdcapp_rpc controlDevice get_status privilege escalation"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2563",
"datePublished": "2026-02-16T15:32:45.758Z",
"dateReserved": "2026-02-15T19:17:13.144Z",
"dateUpdated": "2026-02-17T14:56:54.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2562 (GCVE-0-2026-2562)
Vulnerability from cvelistv5 – Published: 2026-02-16 15:02 – Updated: 2026-02-17 17:21
VLAI?
Title
JingDong JD Cloud Box AX6600 jdcweb_rpc jdcapi cast_streen privilege escalation
Summary
A vulnerability was determined in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This impacts the function cast_streen of the file /jdcapi of the component jdcweb_rpc. Executing a manipulation of the argument File can lead to Remote Privilege Escalation. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- Privilege Escalation
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JingDong | JD Cloud Box AX6600 |
Affected:
4.5.1.r4533
|
Credits
ShiyuFan_BinYuan (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2562",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T17:20:40.302738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T17:21:03.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"jdcweb_rpc"
],
"product": "JD Cloud Box AX6600",
"vendor": "JingDong",
"versions": [
{
"status": "affected",
"version": "4.5.1.r4533"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ShiyuFan_BinYuan (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This impacts the function cast_streen of the file /jdcapi of the component jdcweb_rpc. Executing a manipulation of the argument File can lead to Remote Privilege Escalation. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-16T15:02:49.628Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-346169 | JingDong JD Cloud Box AX6600 jdcweb_rpc jdcapi cast_streen privilege escalation",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.346169"
},
{
"name": "VDB-346169 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.346169"
},
{
"name": "Submit #750986 | JingDong Cloud NAS Router AX6600 (4.5.1.r4533 and earlier) Remote Command Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.750986"
},
{
"tags": [
"exploit"
],
"url": "https://my.feishu.cn/wiki/Umb6w4PasizunKkagYschZP1nff"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-15T20:22:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "JingDong JD Cloud Box AX6600 jdcweb_rpc jdcapi cast_streen privilege escalation"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2562",
"datePublished": "2026-02-16T15:02:49.628Z",
"dateReserved": "2026-02-15T19:17:10.095Z",
"dateUpdated": "2026-02-17T17:21:03.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2561 (GCVE-0-2026-2561)
Vulnerability from cvelistv5 – Published: 2026-02-16 14:32 – Updated: 2026-02-17 17:21
VLAI?
Title
JingDong JD Cloud Box AX6600 jdcweb_rpc jdcapi web_get_ddns_uptime privilege escalation
Summary
A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the function web_get_ddns_uptime of the file /jdcapi of the component jdcweb_rpc. Performing a manipulation results in Remote Privilege Escalation. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- Privilege Escalation
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| JingDong | JD Cloud Box AX6600 |
Affected:
4.5.1.r4533
|
Credits
ShiyuFan_BinYuan (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2561",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T17:21:23.224354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T17:21:38.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"jdcweb_rpc"
],
"product": "JD Cloud Box AX6600",
"vendor": "JingDong",
"versions": [
{
"status": "affected",
"version": "4.5.1.r4533"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ShiyuFan_BinYuan (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the function web_get_ddns_uptime of the file /jdcapi of the component jdcweb_rpc. Performing a manipulation results in Remote Privilege Escalation. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-16T14:32:53.736Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-346168 | JingDong JD Cloud Box AX6600 jdcweb_rpc jdcapi web_get_ddns_uptime privilege escalation",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.346168"
},
{
"name": "VDB-346168 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.346168"
},
{
"name": "Submit #750977 | JingDong Cloud NAS Router AX6600 (4.5.1.r4533 and earlier) Remote Command Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.750977"
},
{
"tags": [
"exploit"
],
"url": "https://my.feishu.cn/wiki/URLywnBj2i2dpBk3dcQcWqFZnSK"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-15T20:22:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "JingDong JD Cloud Box AX6600 jdcweb_rpc jdcapi web_get_ddns_uptime privilege escalation"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2561",
"datePublished": "2026-02-16T14:32:53.736Z",
"dateReserved": "2026-02-15T19:17:05.881Z",
"dateUpdated": "2026-02-17T17:21:38.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}