PT-2026-54916 · Jaiotlink · Jaiotlink C492A-W6
Andres Valdes · Published 2026-07-01 · Updated 2026-07-01
CVE-2026-58454
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
JAIOTlink C492A-W6 version 4.8.30.57701411
Description
Authenticated attackers can achieve persistent remote code execution by writing arbitrary shell scripts to the writable persistent JFFS2 storage path. The execution is triggered through an authenticated HTTP endpoint that invokes the script via the popen() function. This allows the malicious script to persist even after the device is rebooted.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Jaiotlink C492A-W6