Unpatched Edimax Camera Vulnerability Exploited in Mirai Botnet Attacks Since 2024

108/68 Wednesday, March 19, 2025

Hackers have been exploiting CVE-2025-1316, a high-severity OS command injection vulnerability (CVSS 9.3) in Edimax IC-7100 cameras, to spread the Mirai Botnet since May 2024. This vulnerability enables remote code execution (RCE) through specially crafted requests. According to Akamai, a Proof-of-Concept (PoC) exploit was publicly available as early as June 2023, with the first observed attack attempts in May 2024.

Attackers exploit this vulnerability through the /camera-cgi/admin/param.cgi endpoint, leveraging default admin credentials (admin:1234) to gain access. Once compromised, the devices are infected with Mirai malware, allowing them to be used in Distributed Denial-of-Service (DDoS) attacks over TCP and UDP protocols. The malware has also been observed exploiting other vulnerabilities, such as CVE-2024-7214 (affecting TOTOLINK IoT devices), CVE-2021-36220, and vulnerabilities in Hadoop YARN.

Edimax has stated that the affected devices are End-of-Life (EOL) and will not receive security patches. Users are advised to upgrade to newer models, disable internet exposure, change default passwords, and monitor access logs to mitigate risks. Akamai warns that the Mirai Botnet remains a persistent threat, with AI and publicly available exploit code making botnet creation increasingly accessible.
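The advice to monitor access logs, shown as an added example that is not from the article, Akamai or Edimax: a Python triage pass over combined-format web or reverse-proxy logs that flags requests to the endpoint named above. The log format, the internal address ranges, and the sample lines with their parameter names and values are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "/camera-cgi/admin/param.cgi"  # endpoint named in the article
# Assumption: these ranges count as "internal" here; adjust to your network.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Characters a shell treats specially; not expected in a camera setting value.
SHELL_META = re.compile(r"[;|&`$<>\r\n]")
# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')

def is_external(src):
    """True when the client address is outside the INTERNAL ranges."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:  # hostname or garbage in the client field
        return True
    return not any(ip in net for net in INTERNAL)

def triage(line):
    """Return the reasons a log line deserves review ([] if none)."""
    m = LINE.match(line)
    if not m:
        return []
    src, user, target, status = m.groups()
    url = urlsplit(target)
    # Decode and lowercase the path so encoded or mixed-case variants match.
    if unquote(url.path).lower() != ENDPOINT:
        return []
    reasons = []
    external = is_external(src)
    if external:
        reasons.append("external-source")
    if external and user == "admin" and status.startswith("2"):
        reasons.append("external-admin-auth-accepted")
    # parse_qsl percent-decodes each value before the metacharacter check.
    values = [v for _, v in parse_qsl(url.query, keep_blank_values=True)]
    if any(SHELL_META.search(v) for v in values):
        reasons.append("shell-metacharacters")
    return reasons

# Constructed sample lines (addresses, parameters and values are made up).
SAMPLE = [
    '192.168.1.20 - admin [19/Mar/2025:10:00:00 +0000] "GET /camera-cgi/admin/param.cgi?a=1 HTTP/1.1" 200 512',
    '203.0.113.7 - admin [19/Mar/2025:10:01:00 +0000] "GET /camera-cgi/admin/param.cgi?name=cam1%3Btest HTTP/1.1" 200 64',
    '203.0.113.9 - - [19/Mar/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]
```

Access logs normally record only the request line, so parameters sent in a request body are not visible to this check.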

Source: https://thehackernews.com/2025/03/unpatched-edimax-camera-flaw-exploited.html