CVE-2026-7705
MEDIUMJD Cloud JDCOS Service jdcap set_iptv_info command injection
Title source: cnaDescription
A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function set_iptv_info of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References (4)
Core 4
Core References
Third Party Advisory third-party-advisory
Submit #805644 | jdcloud 京东云无线宝ER1 太乙 有线路由 千兆路由器 JDCOS-JDC08-4.5.1.r4518 Remote code execution
https://vuldb.com/submit/805644
Exploit exploit
https://www.notion.so/3430c75766a8802dbde3dc8a372c7f46
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-360881 | JD Cloud JDCOS Service jdcap set_iptv_info command injection
https://vuldb.com/vuln/360881
Signature, Permissions Required signature
permissions-required
VDB-360881 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/360881/cti
Scores
CVSS v3
6.3
EPSS
0.0116
EPSS Percentile
62.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-74
CWE-77
Status
published
Products (1)
JD Cloud/JDCOS
4.5.1.r4518
Published
May 03, 2026
Tracked Since
May 04, 2026