Stack-based Buffer Overflow in JingDong JD Cloud Box AX6600 set_macfilter

Successful exploitation can result in severe compromise of the affected device, including crash or instability of the vulnerable process and potentially full compromise of the device depending on exploit reliability and execution context. The supplied scoring and description indicate high impact to confidentiality, integrity, and availability. Because the flaw is remotely reachable and memory-corruption based, an attacker may be able to execute arbitrary code, disrupt service, or take control of router functionality.

Until a fix is available, restrict network access to the management or RPC interfaces that can reach /sbin/jdcweb_rpc and specifically any functionality exposing set_macfilter. Limit access to trusted administrative networks only, disable remote administration if not required, place the device behind firewall rules or ACLs, and monitor for abnormal requests targeting MAC filter configuration functionality. Given public exploit disclosure, consider immediate isolation or replacement of exposed devices.

Upgrade to a vendor-fixed firmware release if one becomes available. Because the provided content identifies firmware 4.5.3.r4546 as affected but does not specify a patched version, the current fixed version is not available from the supplied information. Review vendor advisories for JingDong JD Cloud Box AX6600 and replace or retire affected devices if no security update is issued. If source or binary patching is under the operator's control, the vulnerable input handling in set_macfilter within /sbin/jdcweb_rpc should be corrected with proper bounds checking and safe copying semantics.