
JAIOTlink C492A-W6 CVE-2026-58454

EUVD: EUVD-2026-41050 | HIGH
Code Injection (CWE-94)
2026-07-01 · VulnCheck · GHSA-347m-p67j-pvqr
CVSS 4.0: 7.7 (Vendor: VulnCheck)

Severity by source

Vendor (VulnCheck) PRIMARY
7.7 HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.5 HIGH

Network-reachable config endpoint (AV:N) but requires valid low-priv credentials (PR:L) and a non-trivial stage-then-trigger sequence (AC:H); successful exploitation yields full device compromise (C/I/A:H).

CVSS 3.1: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS Vector (Vendor: VulnCheck)

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: X

Lifecycle Timeline

Analysis Generated: Jul 01, 2026 - 16:51 (vuln.today)

Description (CVE.org)

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTTP endpoint. Attackers can stage a malicious script in the writable persistent storage and request the config endpoint to invoke it via popen(), achieving persistent remote code execution that survives device reboots.

Analysis (AI)

Authenticated remote code execution in JAIOTlink C492A-W6 Wi-Fi IP cameras (firmware 4.8.30.57701411) lets a logged-in attacker plant a shell script in writable JFFS2 persistent storage and invoke it via popen() through the authenticated Anyka config HTTP endpoint, yielding reboot-surviving persistent RCE. Publicly available exploit code exists (published by VulnCheck), though there is no confirmed active exploitation in CISA KEV. …


Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Obtain valid camera credentials
  • Delivery: Authenticate to HTTP interface
  • Exploit: Write malicious script to JFFS2 storage
  • Execution: Request Anyka config endpoint
  • Persist: popen() executes staged script
  • Impact: Persistent RCE surviving reboot

Vulnerability Assessment (AI)

Exploitation: Exploitation requires (1) valid authenticated access to the camera's HTTP interface at low privilege (PR:L) - the attacker must already possess working camera credentials; (2) write access to the persistent JFFS2 storage path to stage a malicious shell script; and (3) the ability to reach and invoke the authenticated Anyka config endpoint, which calls popen() on the staged content. …

Risk Assessment: The CVSS 4.0 vector (AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H) describes a network-reachable but non-trivial attack that requires valid low-level credentials (PR:L) and carries high attack complexity (AC:H), likely because the attacker must correctly stage the file in the JFFS2 path and then time and trigger the config endpoint. …

Exploit Scenario: An attacker who has obtained valid low-privilege camera credentials - via default passwords, credential reuse, or capture - authenticates to the camera over the network and writes a malicious shell script into the writable JFFS2 persistent storage path. They then request the Anyka config HTTP endpoint, which invokes the staged script through popen(), executing arbitrary commands that persist across reboots. …

Remediation: No vendor-released patch or fixed firmware version is identified at time of analysis, so remediation relies on compensating controls. …

Recommended Action (AI)

24 hours: Audit inventory for all JAIOTlink C492A-W6 cameras and firmware versions; restrict network access to these devices at the firewall level. …
