Remote Code Execution Vulnerability in JAIOTlink Wi-Fi IP Cameras
CVE-2026-58454
Key Information:
- Vendor
Jaiotlink
- Status
- Vendor
- CVE Published:
- 1 July 2026
Badges
What is CVE-2026-58454?
The JAIOTlink C492A-W6 Wi-Fi IP cameras with firmware version 4.8.30.57701411 are vulnerable to a remote code execution flaw. Authenticated attackers can exploit this vulnerability by saving arbitrary shell scripts in the writable persistent JFFS2 storage. By utilizing the authenticated HTTP endpoint, attackers can trigger these scripts through the configuration endpoint, achieving persistent remote code execution even after device reboots. This highlights a significant risk for users and emphasizes the importance of maintaining updated firmware and securing access.
Affected Version(s)
C492A-W6 Wi-Fi IP Camera 4.8.30.57701411
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
