Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
JingDong JD Cloud Box AX6600: Unauthenticated Remote Privilege Escalation
CVE-2026-2561
Summary
A security flaw in the JingDong JD Cloud Box AX6600 allows an attacker to gain elevated access to the device from anywhere on the internet. This could potentially allow hackers to control the device or access sensitive information. Users should update their device to a fixed version to prevent this type of attack.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| jdcloud | ax6600_firmware | <= 4.5.1.r4533 | – |
Original title
A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the function web_get_ddns_uptime of the file /jdcapi of the component jdcweb_rpc. Performing a manipulation...
Original description
A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the function web_get_ddns_uptime of the file /jdcapi of the component jdcweb_rpc. Performing a manipulation results in Remote Privilege Escalation. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
8.8
nvd CVSS4.0
5.3
Vulnerability type
CWE-266
Incorrect Privilege Assignment
CWE-269
Improper Privilege Management
- https://my.feishu.cn/wiki/URLywnBj2i2dpBk3dcQcWqFZnSK Permissions Required Third Party Advisory
- https://vuldb.com/?ctiid.346168 Third Party Advisory VDB Entry
- https://vuldb.com/?id.346168 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.750977 Third Party Advisory VDB Entry
Published: 16 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026