A critical command injection vulnerability affecting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices.
The flaw was discovered by Akamai researchers, who confirmed to BleepingComputer that it is being exploited in attacks that are still ongoing.
Akamai researcher Kyle Lefton told BleepingComputer that they will publish more technical details about the flaw and the associated botnet next week.
After discovering the flaw, Akamai reported it to the U.S. Cybersecurity & Infrastructure Security Agency (CISA), which attempted to contact the Taiwanese vendor.
“Both Akamai SIRT and CISA attempted to contact the vendor (Edimax) several times. CISA was unable to get a response from them,” Lefton told BleepingComputer.
“I personally reached out to them and got a response, but all they said was that the device in question, IC-7100, was end of life, therefore not receiving further updates. As Edimax was unable to provide us with more information, it’s possible that this CVE impacts a wider range of devices, and it’s unlikely that a patch will be released.”
The Edimax IC-7100 is an IP security camera for remote surveillance at homes, small office buildings, commercial facilities, and industrial settings.
The product is no longer widely available in retail channels. It was released in October 2011, and Edimax lists it under its ‘legacy products,’ indicating that it is no longer produced and is likely unsupported.
However, a large number of these devices may still be in use across the globe.
The Edimax vulnerability is tracked as CVE-2025-1316 and is a critical-severity (CVSS v4.0 score 9.3) OS command injection flaw caused by the improper neutralization of incoming requests, that is, the class of bug in which input from a request reaches an operating-system command without shell metacharacters being removed or escaped.
A remote attacker can exploit the flaw to gain remote code execution by sending specially crafted requests to the device.
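The technical details of the Edimax flaw have not been published yet, so the following is an added, generic illustration of the bug class rather than the camera's firmware or Akamai's findings: a Python model of a camera-style CGI handler that splices a request parameter into a shell command, beside a hardened version that allowlists the value and runs the program without a shell. The /cgi-bin/ping.cgi path, the host parameter, the constructed request lines and the use of echo in place of the real binary are all assumptions made for the demo.

```python
import re
import shlex
import subprocess
from urllib.parse import parse_qs, urlsplit

# Constructed request lines for the demo (not captured traffic). The CGI path
# and the "host" parameter are assumptions, not the camera's real interface.
BENIGN_REQUEST = "GET /cgi-bin/ping.cgi?host=192.0.2.10 HTTP/1.1"
HOSTILE_REQUEST = "GET /cgi-bin/ping.cgi?host=192.0.2.10%3Becho%20INJECTED HTTP/1.1"

# "echo probing" stands in for the device binary the handler would really call
# (for example ping), so the demo runs offline and harmlessly.
ACTION = "echo probing"


def parse_request(line: str) -> dict:
    """Pull query parameters out of an HTTP request line (first value wins)."""
    target = line.split(" ")[1]
    return {k: v[0] for k, v in parse_qs(urlsplit(target).query).items()}


def build_command_vulnerable(params: dict) -> str:
    """The bug class: request input is spliced into a shell command string
    with no neutralization, so ';', '|', '`' and friends keep their meaning."""
    return ACTION + " " + params.get("host", "")


def shell_words(cmd: str) -> list:
    """Tokenize cmd the way a POSIX shell would, with control operators such
    as ';' split out, to show where the injected command boundary falls."""
    return list(shlex.shlex(cmd, posix=True, punctuation_chars=True))


def run_vulnerable(params: dict) -> str:
    """Execute through the shell, exactly as the vulnerable handler would."""
    cmd = build_command_vulnerable(params)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Hardened path: allowlist the value, then pass it as one argv element and
# never involve a shell. A leading '-' is refused as well, because the
# character allowlist alone would let the value be parsed as an option.
HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def build_command_hardened(params: dict) -> list:
    """Return argv for the action, or raise if the parameter is not a plain
    hostname/IP literal."""
    host = params.get("host", "")
    if not HOST_RE.fullmatch(host) or host.startswith("-"):
        raise ValueError("rejected host parameter: %r" % host)
    return ACTION.split() + [host]


def run_hardened(params: dict) -> str:
    """Execute without a shell; metacharacters in argv are just bytes."""
    argv = build_command_hardened(params)
    return subprocess.run(argv, capture_output=True, text=True).stdout


if __name__ == "__main__":
    hostile = parse_request(HOSTILE_REQUEST)
    print("vulnerable tokens:", shell_words(build_command_vulnerable(hostile)))
    print("vulnerable output:", repr(run_vulnerable(hostile)))
    try:
        run_hardened(hostile)
    except ValueError as exc:
        print("hardened:", exc)
    print("hardened benign:", repr(run_hardened(parse_request(BENIGN_REQUEST))))
```

Run as a script, the vulnerable path executes the second command the attacker smuggled in after the `;`, while the hardened path rejects the same request before anything runs. The fix is the combination of an allowlist and argv execution without a shell; quoting the value with `shlex.quote` and still calling the shell leaves the string-building design in place and is easy to get wrong on the next parameter.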
In this case, the exploitation currently observed is being carried out by botnet malware to compromise the devices.
Botnets typically use such devices to launch distributed denial of service (DDoS) attacks, proxy malicious traffic, or pivot to other devices on the same network.
Given the situation and the active exploitation of CVE-2025-1316, impacted devices should be taken offline or replaced with actively supported products.
CISA recommends that users minimize internet exposure for impacted devices, place them behind firewalls, and isolate them from critical business networks.
The U.S. agency also recommends using up-to-date Virtual Private Network (VPN) products for secure remote access when it is required.
Common signs of a compromised IoT device include performance degradation, excessive heating, unexpected changes to device settings, and atypical or anomalous network traffic.
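The last of those signs, anomalous network traffic, is the one that can be checked from outside the device, which matters for a camera that cannot be patched. The following Python is an added example (not tooling from Akamai, CISA or Edimax) that runs a small baseline check over connection records: the camera's IP, the LAN range, the expected ports, the fan-out threshold and the log lines themselves are all constructed assumptions for the demo, and the log format is a simple CSV rather than any particular firewall's export.

```python
import ipaddress
from collections import Counter, defaultdict

# Assumed baseline for a LAN-only IP camera (an assumption for this demo, not
# a vendor profile): it serves HTTP and RTSP to LAN clients and only reaches
# the internet for NTP. Anything else it initiates is worth a look.
CAMERA_IP = ipaddress.ip_address("192.168.1.50")
LAN = ipaddress.ip_network("192.168.1.0/24")
EXPECTED_INBOUND_PORTS = {80, 554}   # web UI, RTSP
EXPECTED_OUTBOUND_PORTS = {123}      # NTP
FANOUT_THRESHOLD = 5                 # distinct internet hosts per window
WINDOW_SECONDS = 60

# Constructed connection records (epoch,src,dst,dport,proto,bytes), not real
# traffic. The last eight lines model a camera that has started probing
# telnet on internet hosts, touching a file server on the LAN, and being
# reached directly from outside.
SAMPLE_LOG = """\
1741300000,192.168.1.20,192.168.1.50,80,tcp,4120
1741300010,192.168.1.20,192.168.1.50,554,tcp,98211
1741300020,192.168.1.50,203.0.113.7,123,udp,76
1741300030,192.168.1.50,198.51.100.9,23,tcp,521
1741300031,192.168.1.50,198.51.100.10,23,tcp,517
1741300032,192.168.1.50,198.51.100.11,23,tcp,519
1741300033,192.168.1.50,198.51.100.12,23,tcp,523
1741300034,192.168.1.50,198.51.100.13,23,tcp,520
1741300035,192.168.1.50,198.51.100.14,23,tcp,518
1741300040,192.168.1.50,192.168.1.30,445,tcp,2210
1741300050,203.0.113.99,192.168.1.50,80,tcp,1503
"""


def parse_log(text):
    """Parse the CSV records into dicts with typed fields."""
    records = []
    for line in text.splitlines():
        ts, src, dst, dport, proto, nbytes = line.split(",")
        records.append({
            "ts": int(ts),
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "dport": int(dport),
            "proto": proto,
            "bytes": int(nbytes),
        })
    return records


def find_anomalies(records):
    """Return (kind, ts, detail) findings for traffic outside the baseline."""
    findings = []
    external_targets = defaultdict(set)  # window -> internet hosts contacted
    for r in records:
        if r["src"] == CAMERA_IP:
            if r["dst"] in LAN:
                # A camera has no reason to open connections to LAN hosts:
                # this is what pivoting to other devices looks like.
                findings.append(("lateral", r["ts"], f"{r['dst']}:{r['dport']}"))
            else:
                external_targets[r["ts"] // WINDOW_SECONDS].add(r["dst"])
                if r["dport"] not in EXPECTED_OUTBOUND_PORTS:
                    findings.append(("unexpected_outbound", r["ts"],
                                     f"{r['dst']}:{r['dport']}/{r['proto']}"))
        elif r["dst"] == CAMERA_IP:
            if r["src"] not in LAN:
                # Direct reachability from the internet is the exposure CISA
                # says to remove; treat it as a finding in its own right.
                findings.append(("internet_exposure", r["ts"], str(r["src"])))
            elif r["dport"] not in EXPECTED_INBOUND_PORTS:
                findings.append(("unexpected_inbound_port", r["ts"], str(r["dport"])))
    for window, hosts in external_targets.items():
        if len(hosts) >= FANOUT_THRESHOLD:
            # Many distinct internet hosts in one minute: scanning for new
            # victims or taking part in a DDoS, not normal camera behaviour.
            findings.append(("fanout", window * WINDOW_SECONDS, f"{len(hosts)} hosts"))
    return findings


def summarize(findings):
    """Count findings by kind, e.g. for a one-line alert."""
    return Counter(kind for kind, _, _ in findings)


if __name__ == "__main__":
    found = find_anomalies(parse_log(SAMPLE_LOG))
    for kind, ts, detail in found:
        print(f"{ts} {kind:24s} {detail}")
    print(dict(summarize(found)))
```

The baseline is deliberately narrow: a fixed-function device should initiate almost nothing, so the allowlist of expected ports is short and every deviation is reported rather than scored. The fan-out rule catches the propagation and DDoS behaviour the article describes even when each individual connection would look unremarkable, and the `internet_exposure` finding is the reachability problem that firewalling and isolation are meant to remove.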