Impact
JAIOTlink C492A‑W6 Wi‑Fi IP cameras running firmware 4.8.30.57701411 include hard‑coded credentials: the anyka_ipc HTTP service on port 80 accepts the default admin username with an empty password. Once authenticated, an attacker can view camera snapshots and video streams, read and modify the network configuration, and invoke factory‑level API endpoints, including the SetMAC command injection surface. This is an instance of CWE‑1392 (Use of Default Credentials) and results in full unauthorized control over the device, with the potential for intrusion into the local network.
Affected Systems
The affected devices are JAIOTlink C492A‑W6 Wi‑Fi IP Cameras with firmware version 4.8.30.57701411. No other vendor or product information is provided.
Risk and Exploitability
The CVSS score of 9.3 indicates critical severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. Because the flaw is a default credential, the attack vector is likely the local network (network‑adjacent) or any exposed HTTP interface. An attacker with network access can authenticate without any additional exploit and immediately gain full control of the camera and its network configuration.
OpenCVE Enrichment