CVE-2026-58453
JAIOTlink · C492A-W6 Wi-Fi IP Camera
JAIOTlink C492A-W6 IP cameras contain hard-coded default credentials that allow network-adjacent attackers to gain unauthorized administrative access.
Executive summary
JAIOTlink C492A-W6 Wi-Fi IP cameras are susceptible to unauthorized access due to hard-coded default credentials, enabling full control over camera functionality.
Vulnerability
The device contains hard-coded credentials that grant network-adjacent attackers administrative access via the HTTP service on port 80. This allows unauthorized access to video streams, snapshots, and sensitive configuration interfaces, including a command injection surface.
Business impact
The CVSS score of 9.8 reflects the ease of access and the potential for total device compromise. Unauthorized control of IP cameras can lead to the loss of physical security, privacy violations, and use of the camera as a foothold for further network exploitation.
Remediation
Immediate Action: Update the camera firmware to the latest available version provided by the manufacturer.
Proactive Monitoring: Monitor network traffic for unauthorized access attempts directed at the camera's management interface and audit existing device configurations.
Compensating Controls: Place IP cameras on an isolated VLAN with strict network access control lists (ACLs) to prevent unauthorized network-adjacent access.
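One way to carry out the monitoring and ACL checks described above, shown as an added example that is not part of the advisory or any vendor tooling. The camera addresses, the management subnet and the five-field flow log format are all constructed assumptions; only the HTTP service on port 80 comes from the advisory.

```python
import ipaddress
from collections import defaultdict

# Assumptions constructed for this example (not from the advisory):
CAMERA_IPS = {"10.20.30.11", "10.20.30.12"}                # camera inventory
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.99.0/28")]  # management/NVR hosts
MGMT_PORT = 80  # HTTP management service named in the advisory

# Constructed flow records, format assumed: "timestamp src dst dport action"
SAMPLE_FLOWS = """\
2026-01-10T08:00:01Z 10.20.99.5 10.20.30.11 80 ALLOW
2026-01-10T08:03:17Z 10.20.40.77 10.20.30.11 80 ALLOW
2026-01-10T08:03:19Z 10.20.40.77 10.20.30.12 80 ALLOW
2026-01-10T08:04:02Z 10.20.40.77 10.20.30.11 80 ALLOW
2026-01-10T08:05:00Z 10.20.40.80 10.20.30.11 554 ALLOW
2026-01-10T08:06:30Z 192.0.2.44 10.20.30.12 80 DENY
garbled line
"""

def is_allowed(src):
    """True when the source address sits inside an approved management network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_SOURCES)

def find_unauthorized(log_text):
    """Summarise non-approved sources contacting a camera's HTTP service, keyed by (src, camera)."""
    hits = defaultdict(lambda: {"allowed": 0, "denied": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records instead of failing the whole run
        ts, src, dst, dport, action = parts
        try:
            if dst not in CAMERA_IPS or int(dport) != MGMT_PORT or is_allowed(src):
                continue
        except ValueError:
            continue  # unparsable port or source address
        rec = hits[(src, dst)]
        rec["allowed" if action == "ALLOW" else "denied"] += 1
        rec["first"] = rec["first"] or ts
        rec["last"] = ts
    return dict(hits)

def acl_gaps(hits):
    """Pairs where traffic was permitted, meaning the VLAN ACL is not enforcing isolation."""
    return sorted(pair for pair, rec in hits.items() if rec["allowed"] > 0)

if __name__ == "__main__":
    for pair, rec in sorted(find_unauthorized(SAMPLE_FLOWS).items()):
        print(pair, rec)
```

Denied attempts show probing that the ACL stopped; any pair returned by `acl_gaps` is a source that actually reached the management interface and should drive both an ACL fix and a review of that camera's configuration.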
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Organizations utilizing JAIOTlink C492A-W6 cameras must treat this as a high-priority issue. Beyond firmware updates, network segmentation is essential to restrict access to management interfaces and mitigate the risk posed by hard-coded credentials.