
JAIOTlink C492A-W6 CVE-2026-58452

EUVD: EUVD-2026-41048 | Severity: HIGH
Weakness: OS Command Injection (CWE-78)
Published: 2026-07-01 | Source: VulnCheck | Advisory: GHSA-j337-868r-326w
Score: 8.7 (CVSS 4.0, Vendor: VulnCheck)

Severity by source

Vendor (VulnCheck), PRIMARY: 8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

vuln.today AI: 8.8 HIGH

Network-reachable HTTP endpoint (AV:N) with straightforward injection (AC:L) but requires low-privilege authentication (PR:L); command execution yields full device compromise, so C/I/A all High.

CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS Vector (Vendor: VulnCheck)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X (not defined; CVSS 4.0 has no Scope metric)

Lifecycle Timeline

1. Analysis Generated: Jul 01, 2026, 16:50 (vuln.today)

Description (CVE.org)

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying a malicious Wireless parameter to the HTTP PUT NetSDK/Factory SetMAC endpoint. Attackers can craft a string beginning with a valid MAC-like prefix followed by a semicolon and a shell payload, which bypasses partial sscanf() validation and is passed unsanitized into an echo shell command executed through a system() wrapper.

Analysis (AI)

Authenticated remote code execution in JAIOTlink C492A-W6 Wi-Fi IP cameras (firmware 4.8.30.57701411) lets a logged-in attacker run arbitrary OS commands via the HTTP PUT NetSDK/Factory SetMAC endpoint. The Wireless parameter is only partially validated by sscanf(), so a value shaped as a valid MAC prefix followed by a semicolon and shell payload survives validation and is passed unsanitized into an echo command run through system(). …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Authenticate to camera web interface
  • Delivery: Send HTTP PUT to NetSDK/Factory SetMAC
  • Exploit: Supply MAC-prefix;shell-payload Wireless param
  • Execution: Bypass partial sscanf() validation
  • Persist: Payload passed to system() via echo
  • Impact: Execute arbitrary OS commands on device

Vulnerability Assessment (AI)

Exploitation: Exploitation requires valid authentication to the camera (CVSS PR:L confirms low-privilege credentials are needed), network reachability to the camera's HTTP management interface, and the ability to send an HTTP PUT request to the specific NetSDK/Factory SetMAC endpoint. …

Risk Assessment: The supplied CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H) indicates network-reachable, low-complexity exploitation requiring only low-privilege authentication, with high confidentiality, integrity, and availability impact on the device, consistent with full device takeover. …

Exploit Scenario: An attacker who has obtained valid (possibly default or weak) camera credentials sends an HTTP PUT request to the NetSDK/Factory SetMAC endpoint with a Wireless parameter such as a valid MAC prefix followed by ';' and a shell payload. The partial sscanf() check passes, and the payload executes via system() as the camera's service account, granting arbitrary command execution and full device control. …

Remediation: No vendor-released patch was identified in the provided data at the time of analysis, so remediation must rely on compensating controls. …
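The validation failure described in the Description, Analysis and Vulnerability Assessment sections above, shown as an added C example (not the camera's firmware, whose actual source is not on this page): a partial sscanf() check that ignores trailing bytes sits beside two hardened validators, one that uses %n to require sscanf() to consume the whole string, and one that allow-lists characters and parses the address into bytes so the value never needs to be handed to a shell. All function names and the sample inputs are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stdbool.h>

#define MAC_TEXT_LEN 17  /* "aa:bb:cc:dd:ee:ff" */

/* Partial validation of the kind the advisory describes (hypothetical
 * reconstruction, not the camera's code): sscanf() returns 6 once six hex
 * fields have matched and silently ignores whatever follows, so a value of
 * the form "<valid MAC>;<anything>" is accepted. */
bool mac_valid_partial(const char *s)
{
    unsigned int o[6];
    int n = sscanf(s, "%2x:%2x:%2x:%2x:%2x:%2x",
                   &o[0], &o[1], &o[2], &o[3], &o[4], &o[5]);
    return n == 6;
}

/* Minimal fix: %n records how many bytes sscanf() consumed; require that
 * exactly 17 bytes were consumed and that the string ends right there. */
bool mac_valid_consumed_all(const char *s)
{
    unsigned int o[6];
    int used = -1;
    int n = sscanf(s, "%2x:%2x:%2x:%2x:%2x:%2x%n",
                   &o[0], &o[1], &o[2], &o[3], &o[4], &o[5], &used);
    return n == 6 && used == MAC_TEXT_LEN && s[used] == '\0';
}

/* Preferred: character-level allow-list (hex digits and ':' in fixed
 * positions), then convert to six bytes. A binary MAC can be written through
 * a configuration API directly; no shell and no echo are involved. */
bool mac_parse_strict(const char *s, unsigned char out[6])
{
    if (strlen(s) != MAC_TEXT_LEN)
        return false;
    for (int i = 0; i < MAC_TEXT_LEN; i++) {
        if (i % 3 == 2) {
            if (s[i] != ':')
                return false;
        } else if (!isxdigit((unsigned char)s[i])) {
            return false;
        }
    }
    for (int i = 0; i < 6; i++) {
        unsigned int v;
        /* Safe here: each field was just verified to be exactly two hex digits. */
        if (sscanf(s + 3 * i, "%2x", &v) != 1)
            return false;
        out[i] = (unsigned char)v;
    }
    return true;
}

/* Convenience wrapper for callers that only need accept/reject. */
bool mac_strict_ok(const char *s)
{
    unsigned char mac[6];
    return mac_parse_strict(s, mac);
}

int main(void)
{
    /* Constructed sample inputs; the second has the shape the advisory
     * describes (valid prefix, then a semicolon and trailing text). */
    const char *samples[] = {
        "00:11:22:33:44:55",
        "00:11:22:33:44:55;extra",
        "00:11:22:33:44:5",
        "00-11-22-33-44-55",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%-26s partial=%d consumed_all=%d strict=%d\n", samples[i],
               mac_valid_partial(samples[i]),
               mac_valid_consumed_all(samples[i]),
               mac_strict_ok(samples[i]));
    }
    return 0;
}
```

The partial check accepts both the semicolon-suffixed value and the short last octet "5" because sscanf() stops matching without reporting what it left unread; the %n variant closes that gap, and the allow-list variant additionally removes any reason to build a shell command from the input at all.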

Recommended Action (AI)

Within 24 hours: Inventory all JAIOTlink C492A-W6 cameras running firmware 4.8.30.57701411; review access logs for suspicious activity on the NetSDK/Factory endpoint. …


CVE-2026-58452 vulnerability details – vuln.today
