CVE-2026-7705

JD Cloud JDCOS Service jdcap set_iptv_info command injection

CVSS 5.3 MEDIUMEPSS 1.2%CWE-74 CWE-77

Vexday Risk Score

33Atención

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS 5.3EPSS 1.2%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Ciclo de vida

03 may 2026Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

A flaw has been found in JD Cloud JDCOS 4.5.1.r4518. This vulnerability affects the function set_iptv_info of the file /jdcap of the component Service Interface. Executing a manipulation of the argument vid can lead to command injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

JD Cloud · JDCOS

PoCs públicas encontradas — 1

cve_referencewww.notion.so/3430c75766a8802dbde3dc8a372c7f46no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://vuldb.com/submit/805644 https://vuldb.com/vuln/360881 https://vuldb.com/vuln/360881/cti https://www.notion.so/3430c75766a8802dbde3dc8a372c7f46