| Title | jdcloud 京东云无线宝ER1 太乙 wired router gigabit router JDCOS-JDC08-4.5.1.r4518 Remote code execution |
|---|
| Description | A remote code execution (RCE) vulnerability exists in multiple JD Cloud Wireless Treasure IoT devices, posing a severe security risk to affected equipment. The root cause of this flaw lies in the lack of proper input validation, filtering, and sanitization for externally controllable command parameters within the device’s service interface. These untrusted parameters are directly concatenated into system command-line arguments without any restriction on special shell metacharacters or command separators, creating a straightforward command injection vector. Exploiting this vulnerability, remote attackers can craft and send maliciously constructed request messages to the vulnerable service interface exposed by the target device. By injecting arbitrary operating system commands into the parameter fields, they can achieve unauthorized code execution on the underlying system of the compromised IoT device, fully taking control of the device and performing malicious operations at will. |
|---|
| Source | ⚠️ https://www.notion.so/3430c75766a8802dbde3dc8a372c7f46 |
|---|
| User | 2er00ne (UID 91682) |
|---|
| Submission | 15/04/2026 11:59 (2 months ago) |
|---|
| Moderation | 03/05/2026 09:14 (18 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 360881 [JD Cloud JDCOS 4.5.1.r4518 Service Interface /jdcap set_iptv_info vid privilege escalation] |
|---|
| Points | 17 |
|---|