CVE-2025-1316

Published Mar 5, 2025

Last updated 5 days ago

CVSS critical 9.3
Edimax

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-1316 is a command injection vulnerability found in Edimax IC-7100 IP cameras. It stems from improper neutralization of special elements within requests, allowing attackers to execute arbitrary code remotely. Exploitation involves crafting specific requests to gain control of the device. While authentication is typically required, attackers exploit the prevalence of default or weak credentials on internet-exposed cameras. Successful exploitation enables attackers to execute shell scripts, often downloading malware like Mirai. The vulnerability affects all versions of the IC-7100 and was reported to the vendor in October 2024. However, as of March 2025, no patch is available, and the vendor has been unresponsive to disclosure attempts, citing the product's end-of-life status. Multiple Mirai-based botnets are actively exploiting this vulnerability.

Description
Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device
Source
ics-cert@hq.dhs.gov
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

ics-cert@hq.dhs.gov
CWE-78

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. Actively exploited CVE : CVE-2025-1316

    @transilienceai

    10 Mar 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Actively exploited CVE : CVE-2025-1316

    @transilienceai

    9 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. Vulnerabilità nella telecamera Edimax IC-7100 genera zombie per botnet Sicurezza Informatica, attacco remoto, cisa, CVE-2025-1316, Edimax IC-7100, IoT, OS Command Injection, sicurezza, vulnerabilità https://t.co/Ks1qYb5HJW https://t.co/T7FX7FqEB6

    @matricedigitale

    8 Mar 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. #Mirai-based #botnets #exploit CVE-2025-1316 #zero_day in #Edimax #IP_cameras https://t.co/hgelFjL9Z6 https://t.co/Hujxkyz8V5

    @omvapt

    8 Mar 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2025-1316

    @transilienceai

    8 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Unpatched Edimax Camera Zero-Day Under Attack 🚨 Mirai botnets are exploiting CVE-2025-1316, a critical RCE flaw in Edimax IC-7100 IP cameras. No patch available—assume compromise if exposed online! https://t.co/04sxs383Wj #CyberSecurity #IoT #Hacking #Botnet https://t.co/R

    @dCypherIO

    8 Mar 2025

    24 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. A critical flaw (CVE-2025-1316) in Edimax IC-7100 IP cameras is being exploited by botnet malware. With a CVSS score of 9.3, affected users should take devices offline or replace them. 📷🔒 #Edimax #Botnet #USA link: https://t.co/JrjDhNanFm https://t.co/WWrM4MhSIO

    @TweetThreatNews

    7 Mar 2025

    37 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. MiraiボットネットがEdimax製IPカメラのゼロデイ(CVE-2025-1316)を悪用し、大規模攻撃を実施。DDoSやリモート制御の被害拡大。ファームウェア更新が未提供のため、管理ポートの閉鎖が推奨される。 https://t.co/SEnYMZjrlW

    @01ra66it

    7 Mar 2025

    1227 Impressions

    4 Retweets

    13 Likes

    8 Bookmarks

    1 Reply

    1 Quote

  9. Akamai researchers confirm a critical command injection vulnerability (CVE-2025-1316) in Edimax IC-7100 IP cameras exploited by botnet malware, urging users to offline or replace affected devices and enhance security. #Security https://t.co/nvWH6oXtGe

    @Strivehawk

    7 Mar 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 CISA Alert: Edimax IP Camera Vulnerability! 🚨 CVE-2025-1316 (CVSS 9.8) allows remote code execution on Edimax IC-7100 cameras. No vendor fix! Public exploits are out. Use firewalls & VPNs #Deepweb #Darkweb Breaking news from the world & Darkweb: https://t.co/ZF7G3lwjo

    @godeepweb

    7 Mar 2025

    31 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CISA warns of a critical vulnerability (CVE-2025-1316) in Edimax IC-7100 IP cameras, with a CVSS score of 9.8. Remote code execution risk is high due to available public exploits. 🛡️ #CISA #Edimax #USA link: https://t.co/XXdmCEzLB6 https://t.co/SCD9ByDU3a

    @TweetThreatNews

    7 Mar 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Actively exploited CVE : CVE-2025-1316

    @transilienceai

    7 Mar 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. A serious vulnerability (CVE-2025-1316) in Edimax IC-7100 IP cameras allows command injection and remote execution, exploited by Mirai botnets. No patch available. Risks remain high! 📷⚠️ #Edimax #BotnetThreat #USA link: https://t.co/UvCPn0q23d https://t.co/qR7svPIhQe

    @TweetThreatNews

    7 Mar 2025

    19 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 Edimax IC-7100 IP Camera 0-Day Exploited in Attacks Read more: https://t.co/xe7HuCtGDO 👉 CVE-2025-1316, allows attackers to execute remote code on the device by sending specially crafted requests, exploiting an improper neutralization of unique elements used in OS… https:/

    @The_Cyber_News

    7 Mar 2025

    315 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CISA Warns of Critical Edimax IP Camera Flaw (CVE-2025-1316) with Public Exploits and No Vendor Fix https://t.co/M9lCxiqsiI

    @Dinosn

    7 Mar 2025

    1559 Impressions

    3 Retweets

    12 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  16. 🚨 CVE-2025-1316 ⚠️🔴 CRITICAL (9.3) 🏢 Edimax - IC-7100 IP Camera 🏗️ All 🔗 https://t.co/Vk0UolVUXJ #CyberCron #VulnAlert #InfoSec https://t.co/dzSC6Oc2g6

    @cybercronai

    6 Mar 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Actively exploited CVE : CVE-2025-1316

    @transilienceai

    5 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. CVE-2025-1316 Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device https://t.co/ViuUqBZ2IO

    @CVEnew

    5 Mar 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. [CVE-2025-1316: CRITICAL] Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device#cybersecurity,#vulnerability https://t.co/izMtxXEUjX https://t.co/kDqP02hPpx

    @CveFindCom

    5 Mar 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. ⚠️ Vulnerability Alert: OS Command Injection in Edimax IC-7100 IP Camera 📅 Timeline: Disclosure: 2025-03-04, Patch: N/A 📌 Attribution: Akamai SIRT 🆔cveId: CVE-2025-1316 📊baseScore: 9.3 📏cvssMetrics: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N cvssSeverity:… ht

    @syedaquib77

    4 Mar 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References