CVE-2026-58452
Received Received - Intake

OS Command Injection in JAIOTlink C492A-W6 IP Camera Firmware

Vulnerability report for CVE-2026-58452, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: VulnCheck

Description

JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 4.8.30.57701411 contain an OS command injection vulnerability that allows authenticated attackers to achieve remote code execution by supplying a malicious Wireless parameter to the HTTP PUT NetSDK/Factory SetMAC endpoint. Attackers can craft a string beginning with a valid MAC-like prefix followed by a semicolon and a shell payload, which bypasses partial sscanf() validation and is passed unsanitized into an echo shell command executed through a system() wrapper.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-01
Last Modified
2026-07-01
Generated
2026-07-01
AI Q&A
2026-07-01
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
jaiotlink c492a-w6 to 4.8.30.57701411 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-58452 is an OS command injection vulnerability found in JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware version 4.8.30.57701411. It occurs in the HTTP PUT NetSDK/Factory SetMAC endpoint, where an authenticated attacker can supply a malicious Wireless parameter.

The vulnerability arises because the camera firmware partially validates the input using sscanf() but does not fully sanitize it. An attacker can craft a string starting with a valid MAC-like prefix followed by a semicolon and a shell command payload. This crafted input is then passed unsanitized into a shell command executed via a system() call, allowing remote code execution.

Exploitation requires authentication, but once exploited, the attacker can execute arbitrary commands on the device remotely.

Impact Analysis

This vulnerability allows an authenticated attacker to execute arbitrary commands remotely on the affected IP camera. This can lead to full compromise of the device.

  • Remote code execution enables attackers to control the device, potentially accessing video feeds, altering configurations, or using the device as a foothold into a larger network.
  • Attackers can hide their tracks by restoring the original MAC address after exploitation.
  • Compromise of the device could lead to privacy violations, unauthorized surveillance, or network breaches.
Detection Guidance

This vulnerability can be detected by monitoring HTTP PUT requests to the /NetSDK/Factory?cmd=SetMAC endpoint on JAIOTlink C492A-W6 Wi-Fi IP cameras running vulnerable firmware versions.

Look for suspicious Wireless parameter values that contain a valid MAC-like prefix followed by a semicolon and shell commands, which indicate an attempt to exploit the OS command injection.

For example, you can use network traffic inspection tools or web server logs to identify requests with payloads similar to: 1:2:3:4:5:7;nc -lp 9|sh

Commands to detect such attempts might include using tools like tcpdump or Wireshark to filter HTTP PUT requests to the vulnerable endpoint and grep for suspicious Wireless parameter values.

  • tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'PUT /NetSDK/Factory?cmd=SetMAC'
  • grep -r 'Wireless.*;' /var/log/httpd/access_log
Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable endpoint to trusted users only, as exploitation requires authentication.

Avoid using or exposing the HTTP PUT NetSDK/Factory SetMAC endpoint until a firmware update or patch is applied.

If possible, disable remote management features or restrict network access to the cameras to prevent unauthorized access.

Monitor logs and network traffic for suspicious activity targeting the SetMAC endpoint.

Apply any available firmware updates from the vendor that address this vulnerability, or contact the vendor for patches.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-58452. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart