Summary: A critical zero-day vulnerability (CVE-2025-1316) affecting Edimax devices has been exploited since May 2024, notably impacting Edimax IC-7100 IP cameras, with potential risks for other IoT products. Akamaiโs findings reveal that multiple Mirai-based botnets are leveraging this flaw, primarily by exploiting devices with default credentials. Despite reporting the vulnerability in October 2024, Edimax has indicated that they cannot provide a patch due to outdated development resources.
Affected: Edimax devices (IC-7100 IP cameras and possibly other IoT products)
Keypoints :
- The vulnerability was identified as CVE-2025-1316 and exploited by Mirai-based botnets.
- Akamai logged exploitation attempts starting in May 2024, with significant spikes in late 2024 and early 2025.
- Edimax acknowledged the issue but stated that a fix is unfeasible due to discontinued device support.
Source: https://www.securityweek.com/unpatched-edimax-camera-flaw-exploited-since-at-least-may-2024/