Which versions of JD Cloud Box AX6600 are affected by EUVD-2026-34968?

The JingDong JD Cloud Box AX6600 router contains a critical remote code execution vulnerability in firmware 4.5.3.r4546-publicly available exploit code exists-significantly increasing attack…

Is there a public PoC exploit available for EUVD-2026-34968?

Yes, a public proof-of-concept exploit is available for EUVD-2026-34968. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2026-34968?

Within 24 hours: Identify and inventory all JingDong JD Cloud Box AX6600 routers running firmware 4.5.3.r4546 or earlier; isolate vulnerable units from production networks or restrict management interface access. Within 7 days: Deploy firewall rules limiting management interface access to specific authorized administrator IP ranges; enable detailed access logging on all management connections. Within 30 days: Initiate replacement procurement or firmware upgrade evaluation; contact JingDong vendor for any firmware releases beyond 4.5.3.r4546 and identify alternative router solutions.

JD Cloud Box AX6600 EUVD-2026-34968

Q: What is the CVSS score of EUVD-2026-34968?

EUVD-2026-34968 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-11413 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-06-06 VulDB

GHSA-3c6h-v9pm-2435

Stack Overflow Buffer Overflow Jd Cloud Box Ax6600

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

Jun 06, 2026 - 14:28 vuln.today

v3 (cvss_changed)

Analysis Updated

Jun 06, 2026 - 14:28 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Jun 06, 2026 - 14:22 vuln.today

cvss_changed

CVSS changed

Jun 06, 2026 - 14:22 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

Jun 06, 2026 - 13:50 vuln.today

DescriptionCVE.org

A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Stack-based buffer overflow in JingDong JD Cloud Box AX6600 firmware 4.5.3.r4546 allows authenticated remote attackers to corrupt memory via the set_macfilter function in /sbin/jdcweb_rpc, potentially achieving arbitrary code execution on the router. Publicly available exploit code exists (archive hosted on cdn2.v50to.cc), increasing the likelihood of opportunistic abuse against exposed devices. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Reach jdcweb_rpc management interface

Delivery

Authenticate with low-privilege credentials

Exploit

Send oversized set_macfilter RPC argument

Install

Overflow stack buffer in /sbin/jdcweb_rpc

Hijack saved return address

Execute

Execute attacker code on router

Impact

Pivot or intercept LAN traffic