A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices. The Edimax vulnerability is tracked as CVE-2025-1316 and is a critical severity (CVSS v4.0 score 9.3) OS command injection flaw caused by the improper neutralization of incoming requests. Common signs of compromised IoT devices include performance degradation, excessive heating, unexpected changes in device settings, and atypical/anomalous network traffic. Given the situation and active exploitation status for CVE-2025-1316, impacted devices should be taken offline or replaced with actively supported products. CISA recommends that users minimize internet exposure for impacted devices, place them behind firewalls, and isolate them from critical business networks. The Edimax IC-7100 is an IP security camera for remote surveillance at homes, small office buildings, commercial facilities, and industrial settings. Botnets typically use these devices to launch distributed denial of service (DDoS) attacks, proxy malicious traffic, or pivot to other devices on the same network. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. Akamai researcher Kyle Lefton told BleepingComputer that they will provide more technical details about the flaw and the associated botnet next week. After discovering the flaw, Akamai reported it to the U.S. Cybersecurity & Infrastructure Agency (CISA), who attempted to contact the Taiwanese vendor. However, Edimax did not respond to CISA's notification attempts, and a security update for the flaw is not available. In this case, the current exploitation is being performed by botnet malware to compromise the devices. A remote attacker can exploit this flaw and gain remote code execution by sending specially crafted requests to the device. Moreover, the U.S. agency recommends using up-to-date Virtual Private Network (VPN) products for secure remote access when required. The flaw was discovered by Akamai researchers, who confirmed to BleepingComputer that the flaw is exploited in attacks that are still ongoing.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 07 Mar 2025 18:40:25 +0000