Ddos 
A security vulnerability has been uncovered in a popular line of NAS routers from JD Cloud, potentially leaving thousands of home and business networks wide open to attack. The flaw, which affects multiple models of the company’s routers, allows remote attackers to completely bypass authentication and execute arbitrary commands with the highest possible privileges.
The vulnerability is tracked as CVE-2025-66848 and carries a critical CVSS score of 9.8, a rating reserved for the most dangerous and easily exploitable bugs.
The attack chain is a textbook example of how a small information leak can lead to total system compromise.
According to the vulnerability report, the issue begins with an unsecured API interface (/api/joylink) that happily leaks sensitive device information—specifically the router’s MAC address and a unique identifier called the feedid.
Armed with this leaked data, an attacker can perform a relatively simple calculation using a known hashing algorithm (MD5) to generate a valid administrative token.
“This token allows authentication to be bypassed, enabling the use of relevant API to modify the system password of a remote device,” the analysis explains.
Once the attacker has reset the password and logged in, the situation escalates from bad to worse. The report details how they can exploit a secondary command injection vulnerability in the device’s DDNS service.
By sending a specially crafted request to the router—injecting a malicious payload into the ddns_name field—the attacker can force the router to open a backdoor connection to their own server.
The result? “Ultimately, attackers are able to gain the root privilege on the remote target device,” allowing them to spy on traffic, install malware, or pivot to other devices on the local network.
The vulnerability affects a wide range of JD Cloud NAS routers running older firmware versions:
- AX1800 (v4.3.1.r4308 and earlier)
- AX1800 Pro (v4.5.1.r4533 and earlier)
- AX3000 (v4.3.1.r4318 and earlier)
- AX6600 (v4.5.1.r4533 and earlier)
- BE6500 (v4.4.1.r4308 and earlier)
- ER1 / ER2 (v4.5.1.r4518 and earlier).
Users owning any of these devices should check for firmware updates immediately to close the door on potential intruders.
Donate