Description
A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-06-06
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow in the set_macfilter function of the /sbin/jdcweb_rpc component on JingDong JD Cloud Box AX6600 firmware 4.5.3.r4546. By carefully crafting input to this function, an attacker could overwrite adjacent memory on the stack, potentially gaining arbitrary code execution privileges on the device. This flaw directly compromises confidentiality, integrity, and availability of the affected system.

Affected Systems

JingDong JD Cloud Box AX6600 devices running firmware version 4.5.3.r4546 are impacted. Any deployment using this specific build of the jdcweb_rpc service is vulnerable.

Risk and Exploitability

The CVSS score of 8.7 classifies the flaw as a high severity issue. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, but the exploit is publicly disclosed and could be leveraged remotely. Attackers would need network access to the jdcweb_rpc interface, and the lack of a vendor response increases the urgency of defensive measures.

Generated by OpenCVE AI on June 6, 2026 at 15:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for firmware updates that address the set_macfilter flaw.
  • If an update is not immediately available, block or restrict network access to the /sbin/jdcweb_rpc endpoint, limiting exposure to trusted administrative traffic.
  • Enable logging and continuous monitoring of the JD Cloud Box to detect anomalous attempts to manipulate MAC filtering settings.
  • Contact JingDong support to request an official fix or an interim mitigation and follow up regularly for patch availability.

Generated by OpenCVE AI on June 6, 2026 at 15:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 06 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title JingDong JD Cloud Box AX6600 jdcweb_rpc set_macfilter stack-based overflow
First Time appeared Jingdong
Jingdong jd Cloud Box Ax6600
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:a:jingdong:jd_cloud_box_ax6600:*:*:*:*:*:*:*:*
Vendors & Products Jingdong
Jingdong jd Cloud Box Ax6600
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Jingdong Jd Cloud Box Ax6600
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-06T12:45:11.552Z

Reserved: 2026-06-05T18:40:46.769Z

Link: CVE-2026-11413

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-06T14:16:20.060

Modified: 2026-06-06T14:16:20.060

Link: CVE-2026-11413

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-06T15:15:23Z

Weaknesses