Submit #805635: jdcloud 京东云无线宝ER1 太乙 有线路由 千兆路由器 JDCOS-JDC08-4.5.1.r4518 Remote code executioninfo

Titlejdcloud 京东云无线宝ER1 太乙 有线路由 千兆路由器 JDCOS-JDC08-4.5.1.r4518 Remote code execution
DescriptionA remote code execution (RCE) vulnerability exists in multiple JD Cloud Wireless Treasure IoT devices, posing a severe security risk to affected equipment. The root cause of this flaw lies in the lack of proper input validation, filtering, and sanitization for externally controllable command parameters within the device’s service interface. These untrusted parameters are directly concatenated into system command-line arguments without any restriction on special shell metacharacters or command separators, creating a straightforward command injection vector. Exploiting this vulnerability, remote attackers can craft and send maliciously constructed request messages to the vulnerable service interface exposed by the target device. By injecting arbitrary operating system commands into the parameter fields, they can achieve unauthorized code execution on the underlying system of the compromised IoT device, fully taking control of the device and performing malicious operations at will.
Source⚠️ https://www.notion.so/3430c75766a88008a509ce22582717f4
User
 2er00ne (UID 91682)
Submission04/15/2026 11:37 (3 months ago)
Moderation05/03/2026 09:14 (18 days later)
StatusDuplicate
VulDB entry338409 [JD Cloud BE6500 4.4.1.r4308 /jdcapi sub_4780 ddns_name command injection]
Points0

Might our Artificial Intelligence support you?

Check our Alexa App!