A critical vulnerability in Edimax IC-7100 IP cameras, tracked as CVE-2025-1316, is being actively exploited by attackers using Mirai-based botnets. This flaw, which has a CVSS score of 9.8, allows for remote code execution due to improper neutralization of requests. The vulnerability was publicly disclosed on March 4, 2025, and was added to CISA's Known Exploited Vulnerabilities (KEV) catalog on March 19, 2025, underscoring its severity and the urgency for mitigation.
The exploitation of this vulnerability in the wild was swift, occurring within just 14 days of its disclosure. The high Exploit Prediction Scoring System (EPSS) score of 0.861 further highlights the likelihood of exploitation, emphasizing the critical nature of this security issue. Attackers leveraging this flaw can execute arbitrary code on the affected devices, potentially gaining control over the cameras and using them as part of larger botnet operations.
The use of Mirai-based botnets in these attacks is particularly concerning, as these botnets have a history of being used for large-scale distributed denial-of-service (DDoS) attacks. By compromising vulnerable IP cameras, attackers can significantly amplify their attack capabilities.
Organizations using Edimax IC-7100 IP cameras are urged to apply available patches immediately to mitigate the risk of exploitation. In the absence of a patch, network administrators should consider isolating these devices from the internet and monitoring network traffic for unusual activity. Given the active exploitation and the critical nature of this vulnerability, swift action is necessary to protect against potential breaches and disruptions.
CSURFACE