CVE-2026-11413
Deferred Deferred - Pending Action
Stack-Based Buffer Overflow in JD Cloud Box AX6600

Publication date: 2026-06-06

Last updated on: 2026-06-09

Assigner: VulDB

Description
A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-06
Last Modified
2026-06-09
Generated
2026-06-27
AI Q&A
2026-06-06
EPSS Evaluated
2026-06-25
NVD
CVE-2026-11413
EUVD
EUVD-2026-34968
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jingdong jd_cloud_box_ax6600 4.5.3.r4546
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a stack-based buffer overflow found in the JingDong JD Cloud Box AX6600 device, specifically in the function set_macfilter within the file /sbin/jdcweb_rpc.

A buffer overflow occurs when more data is written to a buffer than it can hold, which can overwrite adjacent memory and lead to unexpected behavior.

In this case, the overflow can be triggered remotely, meaning an attacker can exploit it over the network without physical access to the device.

The vulnerability has been publicly disclosed and an exploit exists, indicating that attackers could potentially use it to compromise the device.

Impact Analysis

Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely on the affected JD Cloud Box AX6600 device.

This could lead to unauthorized access, disruption of device functionality, or denial of service.

Given the high severity scores (CVSS v3.1 score of 8.8 and v2.0 score of 9.0), the impact is significant and could compromise the security and availability of the device and any network it is connected to.

Compliance Impact

The provided information does not specify how the CVE-2026-11413 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

The vulnerability affects the JingDong JD Cloud Box AX6600 device, specifically the set_macfilter function in /sbin/jdcweb_rpc, leading to a stack-based buffer overflow exploitable remotely.

Detection would typically involve monitoring network traffic for suspicious remote calls to the set_macfilter function or unusual activity related to the /sbin/jdcweb_rpc service.

However, no specific detection commands or signatures are provided in the available resources.

Mitigation Strategies

No explicit mitigation steps or patches are provided in the available information.

Given the vulnerability allows remote exploitation via a stack-based buffer overflow, immediate mitigation could include restricting remote access to the affected device, disabling the vulnerable service if possible, or isolating the device from untrusted networks.

Since the vendor has not responded and no updates are available, monitoring for exploit attempts and preparing for device replacement or firmware updates when available is advisable.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-11413. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart