Skip to main content

Er1 Firmware

1 CVEs product

Monthly

CVE-2025-66848 CRITICAL Act Now

Remote command execution in JD Cloud NAS-series routers (AX1800, AX3000, AX6600, BE6500, ER1 and ER2 firmware) allows unauthenticated network attackers to inject and run arbitrary OS commands on the device. The flaw is rated CVSS 9.8 with an unauthenticated network vector, and while no public exploit has been identified, its EPSS of 1.01% (59th percentile) reflects moderate near-term exploitation likelihood. Successful abuse yields full control of the router, making it a pivot point into the internal network.

Code Injection RCE Ax1800 Firmware Ax3000 Firmware Ax6600 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
1.0%
EPSS 1% CVSS 9.8
CRITICAL Act Now

Remote command execution in JD Cloud NAS-series routers (AX1800, AX3000, AX6600, BE6500, ER1 and ER2 firmware) allows unauthenticated network attackers to inject and run arbitrary OS commands on the device. The flaw is rated CVSS 9.8 with an unauthenticated network vector, and while no public exploit has been identified, its EPSS of 1.01% (59th percentile) reflects moderate near-term exploitation likelihood. Successful abuse yields full control of the router, making it a pivot point into the internal network.

Code Injection RCE Ax1800 Firmware +5
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy