CVE-2026-7705: Command Injection in JD Cloud JDCOS
CVE-2026-7705 is a command injection vulnerability in JD Cloud JDCOS version 4. 5. 1. r4518 affecting the set_iptv_info function within the /jdcap service interface. An attacker can remotely manipulate the 'vid' argument to execute arbitrary commands on the affected system. The vulnerability has a CVSS 4. 0 base score of 5. 3, indicating medium severity. Although an exploit has been published, there are no known exploits in the wild. The vendor has not responded to disclosure requests, and no official patch or remediation guidance is currently available.
AI Analysis
Technical Summary
This vulnerability exists in JD Cloud JDCOS 4.5.1.r4518 in the set_iptv_info function of the /jdcap component. It allows remote attackers to perform command injection by manipulating the 'vid' argument. The vulnerability enables execution of arbitrary commands on the system, potentially compromising the affected device. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, no user interaction, and low to limited impact on confidentiality, integrity, and availability. No official fix or patch has been published, and the vendor has not responded to disclosure attempts.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary commands on the affected JD Cloud JDCOS system, potentially leading to unauthorized system control or disruption. The impact is rated medium based on the CVSS score of 5.3, reflecting limited but significant risk. There are no confirmed reports of exploitation in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded and no official patch is available, users should consider implementing network-level protections such as restricting access to the vulnerable service interface to trusted sources only. Monitor for any updates from the vendor regarding patches or official mitigations.
CVE-2026-7705: Command Injection in JD Cloud JDCOS
Description
CVE-2026-7705 is a command injection vulnerability in JD Cloud JDCOS version 4. 5. 1. r4518 affecting the set_iptv_info function within the /jdcap service interface. An attacker can remotely manipulate the 'vid' argument to execute arbitrary commands on the affected system. The vulnerability has a CVSS 4. 0 base score of 5. 3, indicating medium severity. Although an exploit has been published, there are no known exploits in the wild. The vendor has not responded to disclosure requests, and no official patch or remediation guidance is currently available.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability exists in JD Cloud JDCOS 4.5.1.r4518 in the set_iptv_info function of the /jdcap component. It allows remote attackers to perform command injection by manipulating the 'vid' argument. The vulnerability enables execution of arbitrary commands on the system, potentially compromising the affected device. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges required, no user interaction, and low to limited impact on confidentiality, integrity, and availability. No official fix or patch has been published, and the vendor has not responded to disclosure attempts.
Potential Impact
Successful exploitation allows remote attackers to execute arbitrary commands on the affected JD Cloud JDCOS system, potentially leading to unauthorized system control or disruption. The impact is rated medium based on the CVSS score of 5.3, reflecting limited but significant risk. There are no confirmed reports of exploitation in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded and no official patch is available, users should consider implementing network-level protections such as restricting access to the vulnerable service interface to trusted sources only. Monitor for any updates from the vendor regarding patches or official mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-03T07:14:33.114Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f7ca83cbff5d86106ce7af
Added to database: 5/3/2026, 10:21:55 PM
Last enriched: 5/3/2026, 10:36:24 PM
Last updated: 5/3/2026, 11:26:30 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.