PT-2026-54916 · Jaiotlink · Jaiotlink C492A-W6

Andres Valdes

·

Published

2026-07-01

·

Updated

2026-07-01

·

CVE-2026-58454

CVSS v3.1

7.5

High

VectorAV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions JAIOTlink C492A-W6 version 4.8.30.57701411
Description Authenticated attackers can achieve persistent remote code execution by writing arbitrary shell scripts to the writable persistent JFFS2 storage path. The execution is triggered through an authenticated HTTP endpoint that invokes the script via the popen() function. This allows the malicious script to persist even after the device is rebooted.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-58454

Affected Products

Jaiotlink C492A-W6