Description
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTTP endpoint. Attackers can stage a malicious script in the writable persistent storage and request the config endpoint to invoke it via popen(), achieving persistent remote code execution that survives device reboots.
Published: 2026-07-01
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CVE describes a remote code execution flaw in the JAIOTlink C492A-W6 Wi-Fi IP camera firmware 4.8.30.57701411. Authenticated attackers can write an arbitrary shell script to the camera's writable JFFS2 storage path and trigger its execution by accessing the "/Anyka/config" HTTP endpoint. The camera invokes the script via popen(), allowing the attacker to run arbitrary code that persists across device reboots. This vulnerability is categorized as CWE-94, Improper Control of Generation of Code ('Code Injection').

Affected Systems

JAIOTlink C492A‑W6 Wi‑Fi IP cameras with firmware 4.8.30.57701411 are affected. No other vendor or product versions are listed in the CNA data.

Risk and Exploitability

The CVSS base score is 7.7, indicating a high severity. The EPSS score is not available, so the likelihood of exploitation is unknown. Exploitation requires an authenticated HTTP session; an attacker must first obtain valid credentials or bypass authentication, which could occur through local network access or social engineering. The vulnerability is not listed in the CISA KEV catalog, suggesting no known active exploit campaigns. Because the attacker can execute scripts that persist after reboot, the impact can be severe if successful.

Generated by OpenCVE AI on July 2, 2026 at 15:52 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Configure firewall rules or network segmentation to block or limit access to the "/Anyka/config" endpoint from untrusted hosts.
  • Enforce strong, unique authentication credentials and change default passwords to prevent unauthorized authenticated sessions.
  • Monitor the camera’s JFFS2 storage for unexpected shell script files and investigate any newly created executables.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 19:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 16:30:00 +0000

Type | Values Removed | Values Added
Description | | JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTTP endpoint. Attackers can stage a malicious script in the writable persistent storage and request the config endpoint to invoke it via popen(), achieving persistent remote code execution that survives device reboots.
Title | | JAIOTlink C492A-W6 4.8.30.57701411 RCE via /Anyka/config Endpoint
Weaknesses | | CWE-94
References | |
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}
Metrics | | cvssV4_0: {'score': 7.7, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-07-01T18:10:47.836Z

Reserved: 2026-06-30T20:20:33.789Z

Link: CVE-2026-58454

Vulnrichment

Updated: 2026-07-01T18:10:40.919Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-02T16:00:12Z

Weaknesses
  • CWE-94: Improper Control of Generation of Code ('Code Injection')