Description
A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function set_iptv_info of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-03
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a command injection vulnerability in JD Cloud JDCOS version 4.5.1.r4518. It resides in the set_iptv_info function of the Service Interface file /jdcap. By manipulating the vid argument an attacker can execute arbitrary shell commands on the host. The vulnerability permits remote exploitation and an exploit has been publicly published.

Affected Systems

The affected system is JD Cloud JDCOS Service Interface, specifically the set_iptv_info function within /jdcap of JDCOS 4.5.1.r4518. No other vendors, products or versions are reported as impacted.

Risk and Exploitability

The CVSS score for this vulnerability is 5.3, indicating moderate severity. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. The description confirms that a remote attacker can trigger command execution. Because an exploit has been published, the risk is heightened for exposed services. There are no official patches or workarounds yet, and the vendor has not responded to the disclosure.

Generated by OpenCVE AI on May 3, 2026 at 23:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a JD Cloud JDCOS update that fixes the command injection in the set_iptv_info function once the vendor releases one.
  • Restrict traffic to the /jdcap Service Interface to trusted IP ranges or networks to limit remote exploitability.
  • Enforce strict input validation on the vid parameter or disable the set_iptv_info endpoint until a vendor patch is released.



Advisories

No advisories yet.

History

Sun, 03 May 2026 22:30:00 +0000

Type: Description
Values Added: A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function set_iptv_info of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Type: Title
Values Added: JD Cloud JDCOS Service jdcap set_iptv_info command injection

Type: Weaknesses
Values Added: CWE-74, CWE-77

Type: References

Type: Metrics
Values Added:
cvssV2_0: score 6.5, vector AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
cvssV3_0: score 6.3, vector CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
cvssV3_1: score 6.3, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
cvssV4_0: score 5.3, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P



MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-03T22:00:15.286Z

Reserved: 2026-05-03T07:14:33.114Z

Link: CVE-2026-7705

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-03T23:16:41.643

Modified: 2026-05-03T23:16:41.643

Link: CVE-2026-7705

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-03T23:30:31Z

Weaknesses