| 제목 | JD Cloud AX6600 JDCOS-4.5.3.r4546 Stack-based Buffer Overflow |
|---|
| 설명 | # Stack Overflow Vulnerability in the `set_macfilter` Function of JD Cloud AX6600
## Basic Information
- Vendor: JD Cloud
- Product: AX6600
- Firmware Version: JDCOS-4.5.3.r4546
- Firmware Release Date: 2026-01-22
## Vulnerability Description
A stack overflow vulnerability exists in the `set_macfilter` function of the `/sbin/jdcweb_rpc` binary in JD Cloud AX6600 JDCOS-4.5.3.r4546. An attacker can remotely trigger the vulnerability by sending a specially crafted request.
## Detailed Analysis
For the user-controlled `macpolicy` parameter in the input request, no length validation is performed before it is copied with `strcpy`, allowing data that exceeds the intended length limit to be written into stack variables.
PoC request
```
data = {
"jsonrpc": "2.0",
"id": 20,
"method": "call",
"params": [
"a36ecfc53949fb418f58023b69e924cc",
"jdcapi.static",
"set_macfilter",
{
"macpolicy": "A"*0x1000,
"enable": "0"
}
]
}
```
## Impact
- Stack Overflow
- May lead to:
- Device crash (DoS)
- Potential remote code execution (RCE)
|
|---|
| 원천 | ⚠️ http://cdn2.v50to.cc/JDcloud-AX6600_overflow.zip |
|---|
| 사용자 | CookedMelon (UID 52513) |
|---|
| 제출 | 2026. 05. 06. AM 08:41 (1 월 ago) |
|---|
| 모더레이션 | 2026. 06. 05. PM 08:40 (1 month later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 368970 [JingDong JD Cloud Box AX6600 4.5.3.r4546 /sbin/jdcweb_rpc set_macfilter 메모리 손상] |
|---|
| 포인트들 | 17 |
|---|