JingDong JD Cloud Box AX6600 Remote Privilege Escalation Vulnerability

Vulnerability

A remote privilege escalation vulnerability has been identified in the JingDong JD Cloud Box AX6600, affecting versions through 4.5.1.r4533. The issue arises in the jdcapp_rpc component, specifically within the set_stcreenen_deabled_status/get_status function of the /f/service/controlDevice file. The vulnerability allows for unauthorized manipulation of device controls, potentially leading to elevated privileges on the device.

Impact

Exploitation of this vulnerability allows unauthorized users to gain elevated privileges on the affected device, potentially leading to unauthorized access to or control over device functions.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /f/service/controlDevice endpoint with the hard_platform, app_version, device_id, plat_version, channel, plat, and other required headers. The request must include a JSON payload that specifies the command 'set_screen_enabled_status' along with the desired parameters. This manipulation of the command execution process is what leads to the privilege escalation.
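
Detection sketch for the request described above. This is an added example, not code from the advisory or the vendor. The log record layout, the JSON body shapes and the trusted-host list are assumptions made up for illustration; only the endpoint path and the command name come from this page.

```python
import ipaddress
import json

ENDPOINT = "/f/service/controlDevice"      # path named in the advisory
COMMAND = "set_screen_enabled_status"      # command named in the advisory
# Assumption: hosts allowed to manage the router (adjust to your network).
TRUSTED_SOURCES = [ipaddress.ip_network("192.168.68.10/32")]

# Constructed sample records: (source IP, method, path, raw body).
# The JSON layouts are invented; the advisory does not publish the real one.
SAMPLE_REQUESTS = [
    ("192.168.68.10", "POST", "/f/service/controlDevice",
     '{"cmd": {"command": "set_screen_enabled_status", "enabled": 1}}'),
    ("192.168.68.77", "POST", "/f/service/controlDevice?x=1",
     '{"params": [{"command": "set_screen_enabled_status"}]}'),
    ("192.168.68.77", "GET", "/index.html", ""),
    ("10.9.9.9", "POST", "/f/service/controlDevice",
     "not-json set_screen_enabled_status"),
]

def contains_command(node, command=COMMAND):
    """Search a parsed JSON structure for the command string at any depth."""
    if isinstance(node, dict):
        return any(contains_command(v, command) for v in node.values())
    if isinstance(node, list):
        return any(contains_command(v, command) for v in node)
    return node == command

def is_trusted(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_SOURCES)

def flag_requests(requests):
    """Return (source, reason) for control requests from untrusted hosts."""
    alerts = []
    for src, method, path, body in requests:
        if method != "POST" or path.split("?", 1)[0] != ENDPOINT:
            continue
        if is_trusted(src):
            continue
        try:
            hit = contains_command(json.loads(body))
            reason = "command in JSON body" if hit else None
        except json.JSONDecodeError:
            # A malformed body is still flagged if the command string is present.
            reason = "command in unparsable body" if COMMAND in body else None
        if reason:
            alerts.append((src, reason))
    return alerts

if __name__ == "__main__":
    for alert in flag_requests(SAMPLE_REQUESTS):
        print(alert)
```

The recursive search is used because the real payload layout is not given here, so the check does not depend on where the command field sits in the JSON.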

Added: Feb 16, 2026, 4:21 PM
Updated: Feb 16, 2026, 4:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.0
remediation: 0.0
relevance: 2.9
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.