9.8
CVE-2025-66848
- EPSS 0.44%
- Veröffentlicht 30.12.2025 17:15:43
- Zuletzt bearbeitet 09.01.2026 19:57:09
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginJD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 (4.5.1.r4533 and earlier), BE6500 (4.4.1.r4308 and earlier), ER1 (4.5.1.r4518 and earlier), and ER2 (4.5.1.r4518 and earlier) contain an unauthorized remote command execution vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jdcloud ≫ Ax1800 Firmware Version <= 4.3.1.r4308
Jdcloud ≫ Ax3000 Firmware Version <= 4.3.1.r4318
Jdcloud ≫ Ax6600 Firmware Version <= 4.5.1.r4533
Jdcloud ≫ Be6500 Firmware Version <= 4.4.1.r4308
Jdcloud ≫ Er1 Firmware Version <= 4.5.1.r4518
Jdcloud ≫ Er2 Firmware Version <= 4.5.1.r4518
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.627 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.