CVE Catalog

CVE-2026-58453

Critical · CVSS 9.8

Exploitation Probability (EPSS)

Elevated risk
1.69%

74th percentile — higher than 74% of all known CVEs

Summary

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain hard-coded credentials that allow network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anyka_ipc HTTP service on port 80. Attackers can authenticate with these credentials to access camera snapshots, video streams, network configuration, and factory-level API endpoints including the SetMAC command injection surface.

Risk Assessment

The organization is at risk of unauthorized camera feed access, video stream interception, network configuration modification, and remote code execution via command injection, potentially leading to privacy breaches and compromised integrity of the monitoring system.

Recommendation

Immediately change the default admin password to a strong, unique password and update the camera firmware to the latest version if a patch is available. Additionally, restrict access to port 80 to trusted IP addresses only.

Original NVD description (English source)

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain a hard-coded credentials vulnerability that allows network-adjacent attackers to gain unauthorized access by using the default admin username with an empty password accepted by the anyka_ipc HTTP service on port 80. Attackers can authenticate with these hardcoded credentials to access camera snapshots, video streams, network configuration, and factory-level API endpoints including the SetMAC command injection surface.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS