CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain hard-coded credentials that allow network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anyka_ipc HTTP service on port 80. Attackers can authenticate with these credentials to access camera snapshots, video streams, network configuration, and factory-level API endpoints including the SetMAC command injection surface.
The vulnerability in the Guardian language-system passes the 'id' GET parameter directly into a PHP exec() call in text_to_subtitles.php (line 19) without sanitization. No authentication is required, allowing an unauthenticated remote attacker to append shell metacharacters and execute arbitrary OS commands on the server.
The vulnerability in the Guardian language system passes the 'id' GET parameter directly into a PHP exec() call in transcribe.php without sanitization. An unauthenticated attacker can append shell metacharacters to execute arbitrary OS commands on the server.
A vulnerability in the Guardian language-system allows an unauthenticated remote attacker to execute arbitrary OS commands by injecting shell metacharacters into the 'id' parameter passed to the PHP exec() function in transcribe_amazon.php.
A vulnerability in the Guardian language system allows an unauthenticated remote attacker to execute arbitrary OS commands by injecting shell metacharacters into the 'id' parameter in translate_text.php. The lack of input validation and direct use of the parameter in an exec() call enables exploitation without authentication.
A vulnerability in the Guardian language-system allows an unauthenticated remote attacker to execute arbitrary OS commands by injecting shell metacharacters into the 'id' parameter in speech_text.php.
A vulnerability in the Guardian language-system allows an unauthenticated remote attacker to execute arbitrary OS commands by injecting shell metacharacters into the 'id' parameter in speechmac.php.
A vulnerability in the Guardian language-system allows an unauthenticated attacker to execute arbitrary OS commands remotely by injecting shell metacharacters into the id parameter, which is passed unsanitized to the PHP exec() function in speechmac_text.php.
A vulnerability in the Guardian language-system allows an unauthenticated remote attacker to execute arbitrary OS commands by injecting shell metacharacters into the 'id' parameter, which is passed unsanitized to the PHP exec() function in complex_start.php.
The vulnerability in the Guardian language system involves passing the 'id' GET parameter directly into a PHP exec() call in speech.php without sanitization. An unauthenticated attacker can append shell metacharacters to execute arbitrary OS commands on the server.
A vulnerability in the Guardian language-system allows an unauthenticated remote attacker to execute arbitrary OS commands by injecting shell metacharacters into the id parameter passed to the exec() function in text.php.
The vulnerability in the Guardian language-system passes the id GET parameter directly into a PHP exec() call in translate.php (line 14) without sanitization. An unauthenticated remote attacker can append shell metacharacters to execute arbitrary OS commands on the server.
The vulnerability in the Guardian language-system directly passes the id GET parameter into a PHP exec() call in subtitles.php without sanitization. An unauthenticated remote attacker can append shell metacharacters to the id parameter to execute arbitrary OS commands on the server.
An SQL injection vulnerability in the Guardian language-system component allows an authenticated attacker to inject malicious SQL code via the 'id' parameter in translate_text.php. Lack of input sanitization enables error-based SQL injection to extract database contents.
An SQL injection vulnerability in Guardian language-system allows an authenticated attacker to inject malicious SQL code via the 'name' GET parameter in designer.php. Unsanitized input enables arbitrary SQL queries and extraction of database contents.
An SQL injection vulnerability in the Guardian language-system allows an authenticated attacker to inject malicious SQL code via the 'id' parameter in subtitles.php. The lack of input sanitization enables error-based SQL injection to extract database contents.
SQL Injection vulnerability in Guardian language-system exists in job_info_get.php where the GET parameter 'id' is directly inserted into an SQL query without sanitization. An authenticated attacker can exploit error-based SQL injection to extract database contents.
SQL Injection vulnerability in Guardian language-system allows an authenticated attacker to inject SQL code via the id parameter in text_file.php. Unsanitized input enables extraction of database contents.
An SQL injection vulnerability in the Guardian language-system allows an authenticated attacker to inject malicious SQL code via the id parameter in media.php. Lack of input sanitization enables error-based extraction of database contents.
SQL Injection vulnerability in Guardian language-system allows an unauthenticated attacker to inject SQL code via the 'id' parameter in job_info.php. Lack of input sanitization enables reading sensitive database information.

