A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
PUBLISHED5.2ApplicationCWE-121CWE-119
JingDong JD Cloud Box AX6600 jdcweb_rpc set_macfilter stack-based overflow
Problem type
Affected products
JingDong
JD Cloud Box AX6600
4.5.3.r4546 - AFFECTED
References
VDB-368970 | JingDong JD Cloud Box AX6600 jdcweb_rpc set_macfilter stack-based overflow
https://vuldb.com/vuln/368970
VDB-368970 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/368970/cti
CVE-2026-11413 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-11413
Submit #820025 | JD Cloud AX6600 JDCOS-4.5.3.r4546 Stack-based Buffer Overflow
https://vuldb.com/submit/820025
cdn2.v50to.cc
http://cdn2.v50to.cc/JDcloud-AX6600_overflow.zip
GitHub Security Advisories
GHSA-3c6h-v9pm-2435
A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The...
https://github.com/advisories/GHSA-3c6h-v9pm-2435A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2026-11413
vuldb.com
https://vuldb.com/cve/CVE-2026-11413
vuldb.com
https://vuldb.com/submit/820025
vuldb.com
https://vuldb.com/vuln/368970
vuldb.com
https://vuldb.com/vuln/368970/cti
cdn2.v50to.cc
http://cdn2.v50to.cc/JDcloud-AX6600_overflow.zip
github.com
https://github.com/advisories/GHSA-3c6h-v9pm-2435
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-11413Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-11413",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-06-06T12:45:11.552Z",
"dateReserved": "2026-06-05T18:40:46.769Z",
"datePublished": "2026-06-06T12:45:11.552Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-06-06T12:45:11.552Z"
},
"title": "JingDong JD Cloud Box AX6600 jdcweb_rpc set_macfilter stack-based overflow",
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"affected": [
{
"vendor": "JingDong",
"product": "JD Cloud Box AX6600",
"cpes": [
"cpe:2.3:a:jingdong:jd_cloud_box_ax6600:*:*:*:*:*:*:*:*"
],
"versions": [
{
"version": "4.5.3.r4546",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Stack-based Buffer Overflow",
"cweId": "CWE-121",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Memory Corruption",
"cweId": "CWE-119",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/vuln/368970",
"name": "VDB-368970 | JingDong JD Cloud Box AX6600 jdcweb_rpc set_macfilter stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/vuln/368970/cti",
"name": "VDB-368970 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/cve/CVE-2026-11413",
"name": "CVE-2026-11413 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://vuldb.com/submit/820025",
"name": "Submit #820025 | JD Cloud AX6600 JDCOS-4.5.3.r4546 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
]
},
{
"url": "http://cdn2.v50to.cc/JDcloud-AX6600_overflow.zip",
"tags": [
"exploit"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"baseScore": 9
}
}
],
"timeline": [
{
"time": "2026-06-05T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-06-05T02:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-06-05T20:45:50.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "CookedMelon (VulDB User)",
"type": "reporter"
},
{
"lang": "en",
"value": "VulDB CNA Team",
"type": "coordinator"
}
]
}
}
}