Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable config endpoint (AV:N) but requires valid low-priv credentials (PR:L) and a non-trivial stage-then-trigger sequence (AC:H); successful exploitation yields full device compromise (C/I/A:H).
Primary rating from Vendor (VulnCheck).
Description (CVE.org)
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTTP endpoint. Attackers can stage a malicious script in the writable persistent storage and request the config endpoint to invoke it via popen(), achieving persistent remote code execution that survives device reboots.
Analysis (AI)
Authenticated remote code execution in JAIOTlink C492A-W6 Wi-Fi IP cameras (firmware 4.8.30.57701411) lets a logged-in attacker plant a shell script in writable JFFS2 persistent storage and invoke it via popen() through the authenticated Anyka config HTTP endpoint, yielding reboot-surviving persistent RCE. Publicly available exploit code exists (published by VulnCheck), though there is no confirmed active exploitation in CISA KEV. …
Vulnerability Assessment (AI)
| Exploitation | Exploitation requires (1) valid authenticated access to the camera's HTTP interface at low privilege (PR:L) - the attacker must already possess working camera credentials; (2) write access to the persistent JFFS2 storage path to stage a malicious shell script; and (3) the ability to reach and invoke the authenticated Anyka config endpoint, which calls popen() on the staged content. … |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H) describes a network-reachable but non-trivial attack that requires valid low-level credentials (PR:L) and carries high attack complexity (AC:H), likely because the attacker must correctly stage the file in the JFFS2 path and then time and trigger the config endpoint. … |
| Exploit Scenario | An attacker who has obtained valid low-privilege camera credentials - via default passwords, credential reuse, or capture - authenticates to the camera over the network and writes a malicious shell script into the writable JFFS2 persistent storage path. They then request the Anyka config HTTP endpoint, which invokes the staged script through popen(), executing arbitrary commands that persist across reboots. … |
| Remediation | No vendor-released patch or fixed firmware version is identified at time of analysis, so remediation relies on compensating controls. … |
Recommended Action (AI)
24 hours: Audit inventory for all JAIOTlink C492A-W6 cameras and firmware versions; restrict network access to these devices at the firewall level. …
Weakness: CWE-94 – Code Injection
EUVD-2026-41050
GHSA-347m-p67j-pvqr