CVE Catalog

CVE-2026-58452

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

High risk
2.42%

82th percentile — higher than 82% of all known CVEs

Summary

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability. An authenticated attacker can achieve remote code execution by supplying a malicious Wireless parameter to the HTTP PUT NetSDK/Factory SetMAC endpoint.

Risk Assessment

An attacker can gain full control over the camera, enabling surveillance, configuration changes, or using the device as an entry point into the organization's internal network.

Recommendation

Immediately update the camera firmware to the latest version if a patch is available. In the meantime, restrict management interface access to trusted IP addresses only.

Original NVD description (English source)

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying a malicious Wireless parameter to the HTTP PUT NetSDK/Factory SetMAC endpoint. Attackers can craft a string beginning with a valid MAC-like prefix followed by a semicolon and a shell payload, which bypasses partial sscanf() validation and is passed unsanitized into an echo shell command executed through a system() wrapper.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS