CVE-ID: CVE-2025-66848

Information

Vendor: JD Cloud (https://jdbox.jdcloud.com/)

Affected Products:

AX1800 ≤ 4.3.1.r4308

AX1800 Pro ≤ 4.5.1.r4533

AX3000 ≤ 4.3.1.r4318

AX6600 ≤ 4.5.1.r4533

BE6500 ≤ 4.4.1.r4308

ER1 ≤ 4.5.1.r4518

ER2 ≤ 4.5.1.r4518

Description

JD Cloud routers contain vulnerabilities that allow unauthorized remote command execution. An unauthorized remote attacker can chain the authentication bypass vulnerability with the command injection vulnerabilities to execute arbitrary commands on a remote device, gain root privileges, and take full control of the device.

Demo

First, an interface that requires no authorization leaks the device's MAC address and feedid value.

Based on the leaked values, the token value is calculated using a specific hash algorithm.


This token allows authentication to be bypassed, enabling use of the relevant API to modify the system password of a remote device.

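The design flaw behind the bypass, shown beside a corrected design, as an added example that is not the vendor's code or part of the original advisory. SHA-256, the class and function names, and the sample MAC and feedid values are assumptions constructed for illustration; the advisory does not name the real hash algorithm or API.

```python
import hashlib
import hmac
import secrets

def weak_token(mac: str, feedid: str) -> str:
    # Flawed pattern: the token is a pure function of values the device discloses.
    # SHA-256 is a stand-in; the advisory does not name the real algorithm.
    return hashlib.sha256(f"{mac}|{feedid}".encode()).hexdigest()

class WeakGate:
    """Accepts any token that can be recomputed from its own public identifiers."""
    def __init__(self, mac: str, feedid: str):
        self.mac, self.feedid = mac, feedid

    def public_info(self) -> dict:
        # Served without authentication, as in the first step of the demo.
        return {"mac": self.mac, "feedid": self.feedid}

    def authorize(self, token: str) -> bool:
        return hmac.compare_digest(token, weak_token(self.mac, self.feedid))

class HardenedGate:
    """Random session tokens, issued only after a password check, with expiry."""
    def __init__(self, password: str, ttl: int = 600):
        self._salt = secrets.token_bytes(16)
        self._pw = self._kdf(password)
        self._ttl = ttl
        self._sessions = {}  # sha256(token) -> expiry time

    def _kdf(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def login(self, password: str, now: float):
        if not hmac.compare_digest(self._kdf(password), self._pw):
            return None
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[hashlib.sha256(token.encode()).digest()] = now + self._ttl
        return token

    def authorize(self, token: str, now: float) -> bool:
        expiry = self._sessions.get(hashlib.sha256(token.encode()).digest())
        return expiry is not None and now < expiry

if __name__ == "__main__":
    dev = WeakGate("00:11:22:33:44:55", "feed-0001")  # constructed sample values
    info = dev.public_info()
    print("weak gate accepts recomputed token:", dev.authorize(weak_token(**info)))
    hard = HardenedGate("example-admin-password")
    print("hardened gate accepts it:", hard.authorize(weak_token(**info), now=0.0))
```

In the hardened form nothing an unauthenticated interface returns is an input to the token, so disclosing the MAC address or feedid no longer affects authentication.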