Summary: A critical security flaw (CVE-2025-1316) in Edimax IC-7100 network cameras is being leveraged by threat actors to deploy variants of the Mirai botnet. The vulnerability allows for remote code execution and has been exploited since May 2024, primarily using default credentials for access. Edimax has abandoned support for affected devices, leaving users vulnerable as no security patch is planned.
Affected: Edimax IC-7100 network camera
Keypoints :
- Critical operating system command injection vulnerability with a CVSS score of 9.3.
- Exploitation leverages default credentials (admin:1234) for unauthorized access.
- At least two variants of the Mirai botnet are actively exploiting this vulnerability.
- Edimax devices affected by the flaw are no longer supported, with users advised to upgrade or secure their devices.
- Cybercriminals target outdated firmware, emphasizing the ongoing issue of botnet proliferation.
Source: https://thehackernews.com/2025/03/unpatched-edimax-camera-flaw-exploited.html