Ax6600 Firmware
CVE-2026-2563
LOW
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function set_stcreenen_deabled_status/get_status of the file /f/service/controlDevice of the component jdcapp_rpc. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Remote privilege escalation in JingDong JD Cloud Box AX6600 firmware through improper access controls in the jdcapp_rpc service allows authenticated attackers to escalate privileges over the network. Public exploit code exists for this vulnerability, and the vendor has not responded to disclosure attempts. The issue affects firmware versions up to 4.5.1.r4533 with no patch currently available.
Technical ContextAI
Affects Ax6600 Firmware. A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function set_stcreenen_deabled_status/get_status of the file /f/service/controlDevice of the component jdcapp_rpc. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Ax6600 Firmware
View allRemote command execution in JD Cloud NAS-series routers (AX1800, AX3000, AX6600, BE6500, ER1 and ER2 firmware) allows un
Ax6600 Firmware versions up to 4.5.1. contains a vulnerability that allows attackers to Remote Privilege Escalation (CVS
Remote privilege escalation in JingDong JD Cloud Box AX6600 firmware (up to version 4.5.1.r4533) allows authenticated re
Same weakness CWE-266 – Incorrect Privilege Assignment
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today