PatchSiren cyber security CVE debrief
CVE-2026-11413 JingDong CVE debrief
CVE-2026-11413 is a high-severity vulnerability in JingDong JD Cloud Box AX6600 4.5.3.r4546. The vulnerability exists in the `set_macfilter` function of the `/sbin/jdcweb_rpc` file, which can be exploited remotely to execute arbitrary code via a stack-based buffer overflow. The CVSS score for this vulnerability is 7.4, indicating a high level of severity. The exploit for this vulnerability has been publicly disclosed and may be used by attackers. The vendor, Unknown Vendor, was contacted about this disclosure but did not respond.
- Vendor
- JingDong
- Product
- JD Cloud Box AX6600
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-06
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-06
- Advisory updated
- 2026-06-09
Who should care
Administrators and users of JingDong JD Cloud Box AX6600 4.5.3.r4546 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is caused by a stack-based buffer overflow in the `set_macfilter` function of the `/sbin/jdcweb_rpc` file. This can be exploited remotely by attackers to execute arbitrary code.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by the vendor, if available.
- Restrict access to the `/sbin/jdcweb_rpc` file and the `set_macfilter` function.
- Monitor network traffic and system logs for suspicious activity.
Evidence notes
The CVE record and NVD detail pages provide additional information about this vulnerability.
Official resources
CVE-2026-11413 was published on 2026-06-06T14:16:20.060Z and modified on 2026-06-09T17:17:00.723Z.