Summary: A recently disclosed vulnerability (CVE-2025-1316) in Edimax IC-7100 IP cameras allows for critical command injection and remote command execution, potentially exploited by multiple Mirai-based botnets. The cybersecurity agency CISA urges affected users to communicate with Edimax, which has not issued a patch and regards these cameras as legacy products. This vulnerability could pose significant risks, especially for devices using default credentials.
Affected: Edimax IC-7100 IP Cameras
Keypoints :
- CVE-2025-1316 is a command injection vulnerability in Edimax cameras identified by CISA.
- The vulnerability has been exploited by various Mirai-based botnets since late 2024.
- Akamai has noted that authentication is needed, but many cameras are accessible with default credentials.
- Edimax has been unresponsive to attempts for coordination on disclosing the vulnerability.
- CISA has yet to officially classify the vulnerability as exploited in its Known Exploited Vulnerabilities catalog.
Source: https://www.securityweek.com/edimax-camera-zero-day-disclosed-by-cisa-exploited-by-botnets/