“Successful exploitation of this vulnerability could allow an attacker to send specially crafted requests to achieve remote code execution on the device,” reads CISA’s advisory. The vulnerability, tracked as CVE-2025-1316, allows attackers to send specially crafted requests to achieve remote code execution on affected devices. For the cybersecurity community and network defenders, this incident highlights the importance of proper vulnerability management prioritization and the critical need to secure or decommission end-of-life devices that remain connected to networks. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Organizations observing suspected malicious activity related to this vulnerability should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. This critically severe vulnerability exists because the Edimax IC-7100 IP camera fails to properly neutralize and sanitize user inputs in requests sent to the device. While authentication is required to exploit the vulnerability, attackers have been leveraging the prevalence of default credentials (typically admin:1234) on many internet-exposed cameras. However, Akamai researchers believe “the vulnerability may affect supported ones” as well, suggesting the issue could have a broader impact than initially reported. The company reportedly informed researchers that IC-7100 cameras are end-of-life products and that it does not remediate security issues in obsolete products.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 20 Mar 2025 11:15:04 +0000