CVE-2026-11413 | A security vulnerability has been detected in JingDong JD Cl… | CVSS 8.8 HIGH

Description

A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Metadata

CVE ID: CVE-2026-11413
State: PUBLISHED
Assigner: VulDB
Reserved: 2026-06-05 18:40 UTC
Published: 2026-06-06 12:45 UTC
Last updated: 2026-06-09 15:45 UTC
Primary CWE: CWE-121
Stack-based Buffer Overflow
Vendor / Product: JingDong / JD Cloud Box AX6600
Sources: cve.org · NVD

Severity & Metrics

8.8 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
JingDong	JD Cloud Box AX6600	—	4.5.3.r4546

Weakness (CWE)

CWE	Source	Description
CWE-119	cna	Memory Corruption
CWE-121	cna	Stack-based Buffer Overflow

CVSS scores (4)

Score	Severity	Version	Source	Vector
9.0	N/D	2.0	cna	AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR
8.8	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
8.8	HIGH	3.0	cna	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
8.7	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

References (5)

VDB-368970 | JingDong JD Cloud Box AX6600 jdcweb_rpc set_macfilter stack-based overflow https://vuldb.com/vuln/368970
VDB-368970 | CTI Indicators (IOB, IOC, IOA) https://vuldb.com/vuln/368970/cti
CVE-2026-11413 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-11413
Submit #820025 | JD Cloud AX6600 JDCOS-4.5.3.r4546 Stack-based Buffer Overflow https://vuldb.com/submit/820025
http://cdn2.v50to.cc/JDcloud-AX6600_overflow.zip