JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTTP endpoint. Attackers can stage a malicious script in the writable persistent storage and request the config endpoint to invoke it via popen(), achieving persistent remote code execution that survives device reboots.
Metrics
Affected Vendors & Products
References
History
Mon, 06 Jul 2026 23:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Jaiotlink
Jaiotlink c492a-w6 Wi-fi Ip Camera |
|
| Vendors & Products |
Jaiotlink
Jaiotlink c492a-w6 Wi-fi Ip Camera |
Wed, 01 Jul 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTTP endpoint. Attackers can stage a malicious script in the writable persistent storage and request the config endpoint to invoke it via popen(), achieving persistent remote code execution that survives device reboots. | |
| Title | JAIOTlink C492A-W6 4.8.30.57701411 RCE via /Anyka/config Endpoint | |
| Weaknesses | CWE-94 | |
| References |
|
|
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published: 2026-07-01T15:36:15.363Z
Updated: 2026-07-01T18:10:47.836Z
Reserved: 2026-06-30T20:20:33.789Z
Link: CVE-2026-58454
Updated: 2026-07-01T18:10:40.919Z
No data.
No data.