Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
JingDong JD Cloud Box AX6600: Remote Privilege Escalation Risk
CVE-2026-2562
Summary
A security flaw in the JingDong JD Cloud Box AX6600 allows an attacker to access sensitive areas of the system remotely. This could potentially allow an attacker to take control of the system. We recommend that you update the system to the latest version to protect against this risk.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| jdcloud | ax6600_firmware | <= 4.5.1.r4533 | – |
Original title
A vulnerability was determined in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This impacts the function cast_streen of the file /jdcapi of the component jdcweb_rpc. Executing a manipulation of ...
Original description
A vulnerability was determined in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This impacts the function cast_streen of the file /jdcapi of the component jdcweb_rpc. Executing a manipulation of the argument File can lead to Remote Privilege Escalation. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
8.8
nvd CVSS4.0
5.3
Vulnerability type
CWE-266
Incorrect Privilege Assignment
CWE-269
Improper Privilege Management
- https://my.feishu.cn/wiki/Umb6w4PasizunKkagYschZP1nff Permissions Required Third Party Advisory
- https://vuldb.com/?ctiid.346169 Third Party Advisory VDB Entry
- https://vuldb.com/?id.346169 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.750986 Third Party Advisory VDB Entry
Published: 16 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026