Impact
The CVE describes a remote code execution flaw in the JAIOTlink C492A‑W6 Wi‑Fi IP camera, firmware 4.8.30.57701411. An authenticated attacker can write an arbitrary shell script to the camera's writable JFFS2 storage path and trigger its execution by accessing the "/Anyka/config" HTTP endpoint. The camera invokes the script via popen(), which lets the attacker run arbitrary code that persists across device reboots. The vulnerability is categorized as CWE‑94 (Improper Control of Generation of Code, "Code Injection").
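The pattern described above (a script on writable storage handed to popen()) can be closed off by refusing to execute anything that does not live on a read-only, root-owned location. The following is an added example, not code from the vendor firmware or from the CVE record; the function names, the verdict enum, and the assumption that trusted scripts ship on a read-only mount are all hypothetical.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* lstat(), popen(), S_IF* under strict modes */
#endif
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>

/* Why a script is refused; SCRIPT_OK means it may be executed. */
enum script_verdict {
    SCRIPT_OK = 0,
    SCRIPT_UNREADABLE,     /* missing, or lstat()/statvfs() failed */
    SCRIPT_NOT_REGULAR,    /* symlink, directory, device, ... */
    SCRIPT_WRITABLE_FS,    /* on a read-write mount (e.g. a JFFS2 data partition) */
    SCRIPT_BAD_OWNER,      /* not owned by root */
    SCRIPT_WRITABLE_MODE   /* group- or world-writable */
};

/* Pure policy decision, kept apart from the syscalls so it can be unit-tested. */
enum script_verdict script_policy(const struct stat *st, unsigned long mount_flags)
{
    if (!S_ISREG(st->st_mode))              return SCRIPT_NOT_REGULAR;
    if (!(mount_flags & ST_RDONLY))         return SCRIPT_WRITABLE_FS;
    if (st->st_uid != 0)                    return SCRIPT_BAD_OWNER;
    if (st->st_mode & (S_IWGRP | S_IWOTH))  return SCRIPT_WRITABLE_MODE;
    return SCRIPT_OK;
}

/* Collect the facts for `path`; lstat() so a symlink is judged as a symlink. */
enum script_verdict script_check(const char *path)
{
    struct stat st;
    struct statvfs vfs;
    if (lstat(path, &st) != 0 || statvfs(path, &vfs) != 0)
        return SCRIPT_UNREADABLE;
    return script_policy(&st, vfs.f_flag);
}

/* Hypothetical handler hook. `path` must be a compile-time constant, never
 * request-derived, because popen() passes its argument to the shell. */
int run_config_script(const char *path)
{
    if (script_check(path) != SCRIPT_OK)
        return -1;                  /* refuse; caller should log the verdict */
    FILE *p = popen(path, "r");
    return p ? pclose(p) : -1;
}
```

Because the file must sit on a read-only mount, it cannot be swapped between the check and the popen() call by anyone who lacks the ability to remount the filesystem.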
Affected Systems
JAIOTlink C492A‑W6 Wi‑Fi IP cameras with firmware 4.8.30.57701411 are affected. No other vendor or product versions are listed in the CNA data.
Risk and Exploitability
The CVSS base score is 7.7, indicating high severity. No EPSS score is available, so the likelihood of exploitation is unknown. Exploitation requires an authenticated HTTP session; an attacker must first obtain valid credentials or bypass authentication, which could occur through local network access or social engineering. The vulnerability is not listed in the CISA KEV catalog, which suggests no known active exploitation campaigns. Because the attacker's scripts persist after a reboot, the impact of a successful attack can be severe.