CVE-2026-11413
Stack-Based Buffer Overflow in JD Cloud Box AX6600
Publication date: 2026-06-06
Last updated on: 2026-06-06
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jingdong | jd_cloud_box_ax6600 | 4.5.3.r4546 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow found in the JingDong JD Cloud Box AX6600 device, specifically in the function set_macfilter within the file /sbin/jdcweb_rpc.
A buffer overflow occurs when more data is written to a buffer than it can hold, which can overwrite adjacent memory and lead to unexpected behavior.
In this case, the overflow can be triggered remotely, meaning an attacker can exploit it over the network without physical access to the device.
The vulnerability has been publicly disclosed and an exploit exists, indicating that attackers could potentially use it to compromise the device.
How can this vulnerability impact me? :
Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely on the affected JD Cloud Box AX6600 device.
This could lead to unauthorized access, disruption of device functionality, or denial of service.
Given the high severity scores (CVSS v3.1 score of 8.8 and v2.0 score of 9.0), the impact is significant and could compromise the security and availability of the device and any network it is connected to.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the CVE-2026-11413 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability affects the JingDong JD Cloud Box AX6600 device, specifically the set_macfilter function in /sbin/jdcweb_rpc, leading to a stack-based buffer overflow exploitable remotely.
Detection would typically involve monitoring network traffic for suspicious remote calls to the set_macfilter function or unusual activity related to the /sbin/jdcweb_rpc service.
However, no specific detection commands or signatures are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
No explicit mitigation steps or patches are provided in the available information.
Given the vulnerability allows remote exploitation via a stack-based buffer overflow, immediate mitigation could include restricting remote access to the affected device, disabling the vulnerable service if possible, or isolating the device from untrusted networks.
Since the vendor has not responded and no updates are available, monitoring for exploit attempts and preparing for device replacement or firmware updates when available is advisable.