← back
CVE-2026-7705

JD Cloud JDCOS Service jdcap set_iptv_info command injection

CVSS 5.3 MEDIUMEPSS 1.2%CWE-74CWE-77
A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function set_iptv_info of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
JD Cloud · JDCOS
public PoCs found1
cve_referencewww.notion.so/3430c75766a8802dbde3dc8a372c7f46unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://vuldb.com/submit/805644https://vuldb.com/vuln/360881https://vuldb.com/vuln/360881/ctihttps://www.notion.so/3430c75766a8802dbde3dc8a372c7f46