Unpatched Edimax Network Camera Vulnerability Exploited by Mirai Botnet
## Exploitation of Edimax IC-7100 Network Camera
A previously unpatched security vulnerability in the Edimax IC-7100 network camera has been exploited by malicious actors to deliver Mirai botnet malware variants since at least May 2024.
The vulnerability, identified as CVE-2025-1316 (CVSS v4 score: 9.3), is a critical operating system command injection flaw. An attacker can exploit this vulnerability to achieve remote code execution on susceptible devices by means of a specially crafted request.
According to the web infrastructure and security company Akamai, the earliest exploit attempt targeting this flaw dates back to May 2024, although a proof-of-concept (PoC) exploit has been publicly available since June 2023.
## Technical Details of the Exploit
The exploit targets the /camera-cgi/admin/param.cgi endpoint in Edimax devices and injects commands into the NTP_serverName option as part of the ipcamSource option of param.cgi, according to Akamai researchers Kyle Lefton and Larry Cashdollar.
While exploiting the endpoint requires authentication, the observed exploitation attempts use default credentials (admin:1234) to obtain unauthorized access.
At least two different Mirai botnet variants have been identified as exploiting the vulnerability. One of them also incorporates anti-debugging functionality prior to running a shell script that retrieves the malware for different architectures.
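For defenders reviewing proxy or reverse-proxy logs in front of these cameras, the following added example (not code from Akamai or Edimax) flags requests to the endpoint whose NTP_serverName value is anything other than a plain hostname or IP address. The record layout, the sample lines and the way the parameter is nested are constructed assumptions; only the endpoint path and the parameter names come from the article.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/camera-cgi/admin/param.cgi"  # endpoint named in the article
PARAM = re.compile(r"NTP_serverName=([^&]*)", re.IGNORECASE)
# A legitimate NTP server setting is a hostname or IP literal, nothing else.
HOSTLIKE = re.compile(r"[A-Za-z0-9.:-]{0,253}")

def fully_decode(text, rounds=3):
    """Undo up to `rounds` layers of percent-encoding."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def suspicious_values(params):
    """Return NTP_serverName values that are not plain hostnames or IPs."""
    found, layer = [], params
    for _ in range(3):  # the option may sit inside an encoded outer option
        for raw in PARAM.findall(layer):
            value = fully_decode(raw)
            if not HOSTLIKE.fullmatch(value) and value not in found:
                found.append(value)
        layer, previous = unquote(layer), layer
        if layer == previous:
            break
    return found

def scan(log_lines):
    """Return (source, value) pairs for requests to ENDPOINT worth triaging."""
    hits = []
    for line in log_lines:
        src, path, params = (line.split(" ", 2) + ["", ""])[:3]
        path, _, query = path.partition("?")
        if unquote(path) != ENDPOINT:
            continue
        hits += [(src, v) for v in suspicious_values(query + "&" + params)]
    return hits

# Constructed sample records: "<source> <path> <request parameters>"
SAMPLE = [
    "203.0.113.5 /camera-cgi/admin/param.cgi action=update&NTP_serverName=pool.ntp.org",
    "198.51.100.7 /camera-cgi/admin/param.cgi ipcamSource=NTP_serverName%3Dtime.example.net%3BPLACEHOLDER",
    "203.0.113.9 /index.html NTP_serverName=a%3Bb",
]
```

Because the check is an allowlist on the value rather than a list of known payloads, it also catches encoded separators and whitespace; any hit on a device still using the default credentials deserves immediate triage.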
## Impact and Goals of the Exploitation
The ultimate goal of these campaigns is to corral the infected devices into a network capable of orchestrating distributed denial-of-service (DDoS) attacks against targets of interest over TCP and UDP protocols.
Furthermore, the botnets have been observed exploiting CVE-2024-7214, which affects TOTOLINK IoT devices, and CVE-2021-36220, as well as a Hadoop YARN vulnerability.
## Response from Edimax
In an independent advisory published last week, Edimax said that CVE-2025-1316 affects legacy devices that are no longer actively supported. Edimax stated that it has no plans to provide a security patch since the model was discontinued over 10 years ago.
## Recommendations for Users