Submit #805644: jdcloud 京东云无线宝ER1 太乙 有线路由 千兆路由器 JDCOS-JDC08-4.5.1.r4518 Remote code execution (Info)

Title: jdcloud 京东云无线宝ER1 太乙 有线路由 千兆路由器 JDCOS-JDC08-4.5.1.r4518 Remote code execution
Description: A remote code execution (RCE) vulnerability exists in multiple JD Cloud Wireless Treasure IoT devices, posing a severe security risk to affected equipment. The root cause of this flaw lies in the lack of proper input validation, filtering, and sanitization for externally controllable command parameters within the device’s service interface. These untrusted parameters are directly concatenated into system command-line arguments without any restriction on special shell metacharacters or command separators, creating a straightforward command injection vector. Exploiting this vulnerability, remote attackers can craft and send maliciously constructed request messages to the vulnerable service interface exposed by the target device. By injecting arbitrary operating system commands into the parameter fields, they can achieve unauthorized code execution on the underlying system of the compromised IoT device, fully taking control of the device and performing malicious operations at will.
Source: https://www.notion.so/3430c75766a8802dbde3dc8a372c7f46
User: 2er00ne (UID 91682)
Submission: 15/04/2026 11:59 AM (2 months ago)
Moderation: 03/05/2026 09:14 AM (18 days later)
Status: Accepted
VulDB entry: 360881 [JD Cloud JDCOS 4.5.1.r4518 Service Interface /jdcap set_iptv_info vid privilege escalation]
Points: 17
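
The mitigation for the root cause described above (a request parameter concatenated into a shell command line), as an added example that is not JD Cloud's code and is not taken from the submission. It assumes `vid` is a VLAN ID in the range 1..4094; the function names and the helper path passed by the caller are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Strictly parse a VLAN ID (assumed meaning of "vid"): decimal digits
 * only, range 1..4094. Returns 0 and stores the value on success,
 * -1 on any other input. */
int parse_vid(const char *s, int *vid)
{
    if (s == NULL || *s == '\0' || strlen(s) > 4)
        return -1;
    if (strspn(s, "0123456789") != strlen(s))
        return -1;          /* spaces, signs and shell metacharacters fail here */
    long v = strtol(s, NULL, 10);
    if (v < 1 || v > 4094)
        return -1;
    *vid = (int)v;
    return 0;
}

/* Run a helper program (hypothetical path supplied by the caller) with the
 * validated value as a single argv element. No shell parses the value, in
 * contrast to building a string for system() or popen().
 * Returns the helper's exit status, or -1 on validation or spawn failure. */
int apply_vid(const char *helper, const char *raw_vid)
{
    int vid;
    char arg[8];

    if (parse_vid(raw_vid, &vid) != 0)
        return -1;          /* rejected before any process is created */
    snprintf(arg, sizeof arg, "%d", vid);   /* re-serialize the parsed number */

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)helper, arg, NULL };
        execv(helper, argv);
        _exit(127);         /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

The value is validated against an allowlist and then re-serialized from the parsed integer, so the string that reaches the helper never contains bytes taken directly from the request.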
