JD Cloud Router CVE-2025-66848
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Unauthorized network-reachable command injection with no auth or interaction gives AV:N/AC:L/PR:N/UI:N, and full device compromise yields C:H/I:H/A:H.
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
JD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 (4.5.1.r4533 and earlier), BE6500 (4.4.1.r4308 and earlier), ER1 (4.5.1.r4518 and earlier), and ER2 (4.5.1.r4518 and earlier) contain an unauthorized remote command execution vulnerability.
AnalysisAI
Remote command execution in JD Cloud NAS-series routers (AX1800, AX3000, AX6600, BE6500, ER1 and ER2 firmware) allows unauthenticated network attackers to inject and run arbitrary OS commands on the device. The flaw is rated CVSS 9.8 with an unauthenticated network vector, and while no public exploit has been identified, its EPSS of 1.01% (59th percentile) reflects moderate near-term exploitation likelihood. Successful abuse yields full control of the router, making it a pivot point into the internal network.
Technical ContextAI
The affected devices are consumer/SOHO Wi-Fi and NAS routers manufactured under the JD Cloud (Jingdong) brand, identified in NVD CPE data as jdcloud ax1800_firmware, ax3000_firmware, ax6600_firmware, be6500_firmware, er1_firmware and er2_firmware (operating-system-class CPEs). The root cause class is CWE-94 (Improper Control of Generation of Code / Code Injection), which in embedded router firmware typically stems from a web-management or backend service passing attacker-controlled input into a shell or command interpreter without sanitization. Because the CPEs are firmware-level, the vulnerability resides in the device operating system itself rather than a third-party add-on, and the vendor tags (RCE, Code Injection) corroborate a command-injection primitive reachable over the network.
RemediationAI
No vendor-released patch version is identified in the available data, so upgrade to firmware newer than the listed vulnerable builds (AX1800 > 4.3.1.r4308, AX3000 > 4.3.1.r4318, AX6600 > 4.5.1.r4533, BE6500 > 4.4.1.r4308, ER1 and ER2 > 4.5.1.r4518) as soon as JD Cloud publishes fixed firmware, monitoring https://www.jdcloud.com/cn/ for advisories. Until a patched build is confirmed, apply compensating controls: disable remote/WAN-side web management so the vulnerable interface is not reachable from the internet (side effect: administration only from the LAN); restrict access to the router management port to a trusted management VLAN or specific admin hosts via firewall ACLs (side effect: breaks remote admin and app-based management); and place these routers behind an upstream firewall if they are edge-facing. If the device is non-critical and internet-exposed, consider replacing it with a supported model, as consumer router firmware fixes can be slow.
More in Ax1800 Firmware
View allGL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated h
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated h
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated h
An issue was discovered on certain GL-iNet devices. Rated high severity (CVSS 7.5), this vulnerability is remotely explo
Ax1800 Firmware versions up to 4.2.0 is affected by improper restriction of excessive authentication attempts (CVSS 6.5)
An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Rated m
An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT
Ax1800 Firmware versions up to 4.2.0 is affected by improper restriction of excessive authentication attempts (CVSS 5.1)
Same weakness CWE-94 – Code Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today