FlagThis

A critical command injection vulnerability, identified as CVE-2025-1316, impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices. This flaw allows attackers to achieve remote command execution, potentially leading to denial-of-service. Mirai-based botnets are actively exploiting this zero-day vulnerability.

Unpatched Edimax IP cameras are now prime targets in ongoing botnet attacks. Security researchers at Akamai discovered the flaw and reported it to the U.S. Cybersecurity & Infrastructure Agency (CISA), who attempted to contact the Taiwanese vendor. Users are strongly advised to apply any available patches to prevent their devices from being compromised and enlisted into these botnets.

ImgSrc: securityaffairs

References :

• securityaffairs.com: US CISA warns that multiple botnets are exploiting a recently disclosed vulnerability, tracked as CVE-2025-1316 (CVSS score of 9.8), in Edimax IC-7100 IP cameras.
• www.bleepingcomputer.com: A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices.
• bsky.app: A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices.
• bsky.app: A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices.
• securityonline.info: CISA Warns of Critical Edimax IP Camera Flaw (CVE-2025-1316) with Public Exploits and No Vendor Fix
• The DefendOps Diaries: Understanding and Mitigating the Edimax IP Camera Vulnerability

Classification:

• HashTags: #IoT #Botnet #Vulnerability
• Company: Edimax
• Target: Edimax IC-7100 IP Cameras
• Product: IC-7100 IP Camera
• Feature: Command Injection
• Malware: Mirai
• Type: Vulnerability
• Severity: Critical