Monday, March 10, 2025

Unpatched Edimax IP camera flaw actively exploited in botnet attacks


A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices.

The flaw was discovered by Akamai researchers, who confirmed to BleepingComputer that the flaw is being exploited in attacks that are still ongoing.

Akamai researcher Kyle Lefton told BleepingComputer that they will provide more technical details about the flaw and the associated botnet next week.

After discovering the flaw, Akamai reported it to the U.S. Cybersecurity & Infrastructure Security Agency (CISA), which attempted to contact the Taiwanese vendor.


“Both Akamai SIRT and CISA attempted to contact the vendor (Edimax) multiple times. CISA was unable to get a response from them,” Lefton told BleepingComputer.com.

“I personally reached out to them and received a response, but all they said was that the device in question, IC-7100, was end of life, therefore not receiving further updates. As Edimax was unable to provide us with more information, it’s possible that this CVE affects a wider range of devices, and it’s unlikely that a patch will be released.”

The Edimax IC-7100 is an IP security camera for remote surveillance at homes, small office buildings, commercial facilities, and industrial settings.

The product is no longer widely available in retail channels. It was released in October 2011, and Edimax lists it under its ‘legacy products,’ suggesting it is no longer produced and is likely no longer supported.


However, a significant number of those devices may still be in use around the world.

The Edimax vulnerability is tracked as CVE-2025-1316 and is a critical severity (CVSS v4.0 score 9.3) OS command injection flaw caused by the improper neutralization of incoming requests.

A remote attacker can exploit this flaw and gain remote code execution by sending specially crafted requests to the device.


In this case, the current exploitation is being carried out by botnet malware to compromise the devices.

Botnets typically use these devices to launch distributed denial of service (DDoS) attacks, proxy malicious traffic, or pivot to other devices on the same network.

Given the situation and active exploitation status for CVE-2025-1316, impacted devices should be taken offline or replaced with actively supported products.

CISA recommends that users minimize internet exposure for impacted devices, place them behind firewalls, and isolate them from critical business networks.

Additionally, the U.S. agency recommends using up-to-date Virtual Private Network (VPN) products for secure remote access when required.

Common signs of compromised IoT devices include performance degradation, excessive heating, unexpected changes in device settings, and atypical/anomalous network traffic.
