Login Sign Up

CVE-2026-2563

6.3 MEDIUM

📋 TL;DR

A remote privilege escalation vulnerability in JingDong JD Cloud Box AX6600 allows attackers to gain elevated privileges by manipulating the set_stcreenen_deabled_status/get_status functions. This affects devices running firmware up to version 4.5.1.r4533. The vulnerability is remotely exploitable and public exploit code exists.

💻 Affected Systems

Products:
  • JingDong JD Cloud Box AX6600
Versions: Up to 4.5.1.r4533
Operating Systems: Embedded Linux (vendor firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the jdcapp_rpc component specifically through the /f/service/controlDevice endpoint.

📦 What is this software?

Ax6600 Firmware by Jdcloud

View all CVEs affecting Ax6600 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to execute arbitrary code, access sensitive data, and maintain persistent access.

🟠

Likely Case

Attackers gain administrative control over the device to modify configurations, intercept traffic, or use as a pivot point for further attacks.

🟢

If Mitigated

Limited impact if device is isolated from untrusted networks and proper access controls are implemented.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and public exploit code exists, making internet-facing devices prime targets.
🏢 Internal Only: MEDIUM - Internal devices are still vulnerable to network-based attacks from compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit is publicly available and the vendor has not responded to disclosure, suggesting active exploitation is probable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Monitor vendor channels for firmware updates beyond version 4.5.1.r4533.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices from untrusted networks and restrict access to management interfaces.

Access Control Lists

all

Implement firewall rules to restrict access to the vulnerable endpoint (/f/service/controlDevice).

🧯 If You Can't Patch

  • Remove affected devices from production networks or place them in isolated VLANs
  • Implement strict network monitoring for unusual traffic patterns to/from affected devices

🔍 How to Verify

Check if Vulnerable:

Check firmware version via device web interface or SSH if available. Vulnerable if version is ≤ 4.5.1.r4533.

Check Version:

Check device web interface or use vendor-specific CLI commands if available.

Verify Fix Applied:

Verify firmware version is updated beyond 4.5.1.r4533 when vendor releases patch.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access to /f/service/controlDevice endpoint
  • Privilege escalation attempts in system logs

Network Indicators:

  • Unexpected network traffic to device management ports
  • Exploit-specific patterns to vulnerable endpoint

SIEM Query:

Search for network connections to port associated with /f/service/controlDevice from untrusted sources.

📊 Metadata

CVE ID: CVE-2026-2563
CVSS v3 Score: 6.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-266
Published: February 16, 2026
Last Updated: February 23, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-2563, you might also want to check these:

CVE-2026-23800 10.0

This vulnerability allows attackers to escalate privileges in Modular DS modular-connector WordPress...

Same vulnerability type (CWE-266)
CVE-2026-23550 10.0

This critical vulnerability in Modular DS allows attackers to escalate privileges due to incorrect p...

Same vulnerability type (CWE-266)
CVE-2025-41115 10.0

A critical vulnerability in Grafana's SCIM provisioning allows malicious SCIM clients to provision u...

Same vulnerability type (CWE-266)