Description
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anyka_ipc HTTP service on port 80. Attackers can authenticate with these hardcoded credentials to access camera snapshots, video streams, network configuration, and factory-level API endpoints including the SetMAC command injection surface.
Published: 2026-07-01
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

JAIOTlink C492A‑W6 Wi‑Fi IP cameras running firmware 4.8.30.57701411 include hard‑coded credentials that allow an attacker to authenticate to the anyka_ipc HTTP service on port 80 using the default admin username with an empty password. Once authenticated, the attacker can view camera snapshots and video streams, read and modify network configuration, and invoke factory‑level API endpoints, including the SetMAC command injection surface. The vulnerability is a classic example of CWE‑1392 and results in full unauthorized control over the device and potential intrusions into the local network.

Affected Systems

The affected devices are JAIOTlink C492A‑W6 Wi‑Fi IP Cameras with firmware version 4.8.30.57701411. No other vendor or product information is provided.

Risk and Exploitability

The CVSS score of 9.3 indicates critical severity. The EPSS score is not available, and the vulnerability is not listed in CISA KEV. Because the service accepts the default credentials, the attack vector is likely the local network (network‑adjacent) or any exposed HTTP interface. An attacker with network access can authenticate without any additional exploit and immediately gain full control of the camera and its network configuration.

Generated by OpenCVE AI on July 1, 2026 at 23:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a firmware update for the C492A‑W6 that removes the hard‑coded credentials as soon as one is available.
  • Configure local network firewalls or access‑control lists to block or restrict HTTP access to the camera’s port 80 from all external networks.
  • If an update is not immediately available, disable the anyka_ipc HTTP service or move the camera to a network segment isolated from untrusted devices.
  • If neither a patch nor restriction can be enforced, consider replacing the camera with a device that does not expose hard‑coded credentials.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 17:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 01 Jul 2026 16:30:00 +0000

Type | Values Removed | Values Added
Description | | JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anyka_ipc HTTP service on port 80. Attackers can authenticate with these hardcoded credentials to access camera snapshots, video streams, network configuration, and factory-level API endpoints including the SetMAC command injection surface.
Title | | JAIOTlink C492A-W6 4.8.30.57701411 Hard-coded Credentials via anyka_ipc
Weaknesses | | CWE-1392
References | |
Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; cvssV4_0: {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-07-01T16:25:22.366Z

Reserved: 2026-06-30T20:20:33.789Z

Link: CVE-2026-58453

Vulnrichment

Updated: 2026-07-01T16:25:19.583Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T23:15:04Z