Pierluigi Paganini
March 07, 2025
US CISA warns that multiple botnets are exploiting a recently disclosed vulnerability, tracked as CVE-2025-1316 (CVSS score of 9.8), in Edimax IC-7100 IP cameras.
The issue is an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’.
Edimax IC-7100 fails to properly sanitize requests, an attacker can create specially crafted requests to achieve remote code execution on the device. Report suspected malicious activity to CISA for tracking and correlation with other incidents.
“Successful exploitation of this vulnerability could allow an attacker to send specially crafted requests to achieve remote code execution on the device.” reads the advisory published by CISA. “Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.”
The flaw impacts all C-7100 IP Camera versions and has yet to address the vulnerability because these cameras are end-of-life products.
The advisory doesn’t confirm exploitation of the flaw in the wild, however, the USE agency urges organizations to report suspected malicious activity for tracking and correlation.
Akamai researchers discovered the vulnerability, and the cyber security firm confirmed ([1],[2]) that the flaw is actively exploited in the wild.
The experts observed multiple Mirai-based botnets that are currently exploiting multiple flaws, including Edimax IC-7100 IP cameras.
Threat actors exploit remote command execution to run a shell script that downloads a Mirai malware payload from a remote server.
The vendor, notified in Oct 2024, has been unresponsive to CISA and Akamai. Akamai warns that the vulnerability may affect supported ones.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, US CISA)
