Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable HTTP endpoint (AV:N) with straightforward injection (AC:L) but requires low-privilege authentication (PR:L); command execution yields full device compromise, so C/I/A all High.
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying a malicious Wireless parameter to the HTTP PUT NetSDK/Factory SetMAC endpoint. Attackers can craft a string beginning with a valid MAC-like prefix followed by a semicolon and a shell payload, which bypasses partial sscanf() validation and is passed unsanitized into an echo shell command executed through a system() wrapper.
AnalysisAI
Authenticated remote code execution in JAIOTlink C492A-W6 Wi-Fi IP cameras (firmware 4.8.30.57701411) lets a logged-in attacker run arbitrary OS commands via the HTTP PUT NetSDK/Factory SetMAC endpoint. The Wireless parameter is only partially validated by sscanf(), so a value shaped as a valid MAC prefix followed by a semicolon and shell payload survives validation and is passed unsanitized into an echo command run through system(). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires valid authentication to the camera (CVSS PR:L confirms low-privilege credentials are needed), network reachability to the camera's HTTP management interface, and the ability to send an HTTP PUT request to the specific NetSDK/Factory SetMAC endpoint. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The supplied CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H) indicates network-reachable, low-complexity exploitation requiring only low-privilege authentication, with high confidentiality, integrity, and availability impact on the device - consistent with full device takeover. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained valid (possibly default or weak) camera credentials sends an HTTP PUT request to the NetSDK/Factory SetMAC endpoint with a Wireless parameter such as a valid MAC prefix followed by ';' and a shell payload. The partial sscanf() check passes, and the payload executes via system() as the camera's service account, granting arbitrary command execution and full device control. … |
| Remediation | No vendor-released patch identified at time of analysis in the provided data, so remediation must rely on compensating controls. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all JAIOTlink C492A-W6 cameras running firmware 4.8.30.57701411; review access logs for suspicious activity on the NetSDK/Factory endpoint. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in C492A W6 Wi Fi Ip Camera
View allDefault-credential authentication bypass in JAIOTlink C492A-W6 Wi-Fi IP cameras (firmware 4.8.30.57701411) lets attacker
Authenticated remote code execution in JAIOTlink C492A-W6 Wi-Fi IP cameras (firmware 4.8.30.57701411) lets a logged-in a
Same weakness CWE-78 – OS Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41048
GHSA-j337-868r-326w