CVE-2026-58454
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk40th percentile — higher than 40% of all known CVEs
Summary
JAIOTlink C492A-W6 Wi-Fi IP cameras with firmware 4.8.30.57701411 contain a remote code execution vulnerability. An authenticated attacker can write a malicious script to persistent JFFS2 storage and trigger execution via an HTTP endpoint, achieving persistent control over the device.
Risk Assessment
The risk includes full device compromise, persistence across reboots, and potential use of the camera as a foothold for further attacks on the organization's network.
Recommendation
Immediately update the camera firmware to the latest patched version if available. Otherwise, restrict management interface access to trusted networks and monitor for unusual HTTP requests.
Original NVD description (English source)
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a remote code execution vulnerability that allows authenticated attackers to execute arbitrary shell scripts by writing to the writable persistent JFFS2 storage path and triggering execution through the authenticated HTTP endpoint. Attackers can stage a malicious script in the writable persistent storage and request the config endpoint to invoke it via popen(), achieving persistent remote code execution that survives device reboots.

