CVE-2026-11413 | THREATINT

Description

A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

PUBLISHED Reserved 2026-06-05 | Published 2026-06-06 | Updated 2026-06-06 | Assigner VulDB

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

HIGH: 8.8CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

9.0AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR

Problem types

Stack-based Buffer Overflow

Memory Corruption

Product status

4.5.3.r4546

affected

Timeline

2026-06-05:	Advisory disclosed
2026-06-05:	VulDB entry created
2026-06-05:	VulDB entry last update

Credits

CookedMelon (VulDB User) reporter

VulDB CNA Team coordinator

References

vuldb.com/vuln/368970 (VDB-368970 | JingDong JD Cloud Box AX6600 jdcweb_rpc set_macfilter stack-based overflow) vdb-entry technical-description

vuldb.com/vuln/368970/cti (VDB-368970 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/cve/CVE-2026-11413 (CVE-2026-11413 | CVE Analysis and Report) third-party-advisory

vuldb.com/submit/820025 (Submit #820025 | JD Cloud AX6600 JDCOS-4.5.3.r4546 Stack-based Buffer Overflow) third-party-advisory

cdn2.v50to.cc/JDcloud-AX6600_overflow.zip exploit

cve.org (CVE-2026-11413)

nvd.nist.gov (CVE-2026-11413)

Download JSON