CVE-2026-7705

JD Cloud JDCOS Service jdcap set_iptv_info command injection

CVSS 5.3 MEDIUMEPSS 1.2%CWE-74 CWE-77

A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function set_iptv_info of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

JD Cloud · JDCOS

PoCs públicas encontradas — 1

cve_referencewww.notion.so/3430c75766a8802dbde3dc8a372c7f46no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://vuldb.com/submit/805644 https://vuldb.com/vuln/360881 https://vuldb.com/vuln/360881/cti https://www.notion.so/3430c75766a8802dbde3dc8a372c7f46