Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
JingDong JD Cloud Box AX6600: Unauthorized Access to Device Settings
CVE-2026-2563
Summary
A security issue affects the settings function in the JingDong JD Cloud Box AX6600's software. This allows an attacker to access and potentially control the device remotely, which could lead to unauthorized changes or disruptions. The vendor is not aware of the vulnerability, but a public exploit exists, so it's essential to take precautions to protect your device.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| jdcloud | ax6600_firmware | <= 4.5.1.r4533 | – |
Original title
A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function set_stcreenen_deabled_status/get_status of the file /f/service/controlDevice of the compon...
Original description
A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function set_stcreenen_deabled_status/get_status of the file /f/service/controlDevice of the component jdcapp_rpc. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
8.8
nvd CVSS4.0
5.3
Vulnerability type
CWE-266
Incorrect Privilege Assignment
CWE-269
Improper Privilege Management
- https://my.feishu.cn/wiki/T3pjwxZtYiU4Gfkl6iUc3CzVnRe Permissions Required Third Party Advisory
- https://vuldb.com/?ctiid.346170 Third Party Advisory VDB Entry
- https://vuldb.com/?id.346170 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.750987 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.750992 Third Party Advisory VDB Entry
Published: 16 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026