CVE Catalog

CVE-2025-66848

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.91%

56th percentile - higher than 56% of all known CVEs

Summary

JD Cloud NAS routers AX1800, AX3000, AX6600, BE6500, ER1, and ER2 in specific firmware versions contain an unauthorized remote command execution vulnerability. An attacker can exploit this flaw without authentication, leading to full device compromise.

Risk Assessment

The risk for the organization includes remote takeover of the router, potentially leading to breach of network data confidentiality and integrity, and using the device as an entry point for further attacks on the internal network.

Recommendation

Immediately update the router firmware to the latest available version that fixes this vulnerability. Also restrict access to the router management interface to trusted networks only.

Original NVD description (English source)

JD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 (4.5.1.r4533 and earlier), BE6500 (4.4.1.r4308 and earlier), ER1 (4.5.1.r4518 and earlier), and ER2 (4.5.1.r4518 and earlier) contain an unauthorized remote command execution vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS