A significant security vulnerability in the Edimax IC-7100 network camera has been targeted by cybercriminals using variants of the Mirai botnet malware since at least May 2024. The unpatched flaw, tracked as CVE-2025-1316, carries a critical score of 9.3 on the CVSS v4 scale and allows remote code execution through operating system command injection.
According to Akamai, a web infrastructure and security firm, the earliest recorded exploit attempts for this vulnerability can be traced back to May 2024. However, evidence suggests that a proof-of-concept exploit has been publicly available since June 2023, highlighting the ongoing threat posed by the vulnerability.
The exploit specifically targets the /camera-cgi/admin/param.cgi endpoint, injecting commands into the NTP_serverName option as part of the ipcamSource parameter. While authentication is required to exploit this endpoint, attackers have reportedly been using default credentials, such as admin with the password 1234, to gain unauthorized access.
Two distinct variants of the Mirai botnet have been observed exploiting this vulnerability, one of which includes mechanisms for anti-debugging prior to executing a shell script designed to fetch malware tailored for various architectures. The ultimate goal of these attacks is to recruit compromised devices into a network capable of facilitating distributed denial-of-service (DDoS) attacks targeting a range of TCP and UDP protocols.
The botnets have also been exploiting additional vulnerabilities, including CVE-2024-7214 affecting TOTOLINK IoT devices, CVE-2021-36220, and issues within Hadoop YARN. Notably, an independent advisory from Edimax clarified that CVE-2025-1316 impacts legacy devices that are no longer supported and confirmed there are no plans for a security patch, as the model was discontinued over a decade ago.
In the absence of an official patch, business owners are urged to either transition to newer models or implement mitigations, including restricting direct internet access, altering default passwords, and actively monitoring access logs for suspicious activity. As highlighted by Akamai, older devices with poorly secured firmware are prime targets for cybercriminals aiming to construct botnets.
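The log-monitoring mitigation above can be turned into a concrete check. The following is an added example, not code from Akamai or Edimax: it scans access-log lines for requests to /camera-cgi/admin/param.cgi whose NTP_serverName value is not a plain hostname or IP address. It assumes a combined-log-format source (for example a reverse proxy or network sensor in front of the camera) and that the option appears as key=value in the request target, possibly percent-encoded inside ipcamSource; the sample lines and the PLACEHOLDER value are constructed.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/camera-cgi/admin/param.cgi"
# Source address and request target from a combined-log-format line (assumed format)
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Value of the NTP_serverName option, wherever it sits in the decoded target
NTP_RE = re.compile(r"NTP_serverName=(?P<value>[^&]*)", re.IGNORECASE)
# A legitimate NTP server name is a hostname or IP literal and nothing else
SAFE_VALUE_RE = re.compile(r"^[A-Za-z0-9.\-:\[\]]{0,253}$")


def fully_decode(text, max_rounds=3):
    """Percent-decode repeatedly, since the option may be nested in ipcamSource."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def suspicious_requests(lines):
    """Return (source, value) pairs for param.cgi requests whose
    NTP_serverName value contains anything other than hostname characters."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        target = fully_decode(match.group("target"))
        if not target.lower().startswith(ENDPOINT):
            continue
        for ntp in NTP_RE.finditer(target):
            value = ntp.group("value")
            if not SAFE_VALUE_RE.match(value):
                hits.append((match.group("src"), value))
    return hits


# Constructed sample log lines (documentation addresses, placeholder value)
SAMPLE_LOG = [
    '198.51.100.7 - admin [10/Mar/2025:04:12:01 +0000] "GET /camera-cgi/admin/param.cgi?ipcamSource=NTP_serverName%3Dpool.ntp.org HTTP/1.1" 200 12',
    '203.0.113.9 - admin [10/Mar/2025:04:12:09 +0000] "GET /camera-cgi/admin/param.cgi?ipcamSource=NTP_serverName%3Dx%253BPLACEHOLDER HTTP/1.1" 200 12',
    '203.0.113.9 - - [10/Mar/2025:04:12:11 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for src, value in suspicious_requests(SAMPLE_LOG):
        print(f"ALERT {src} NTP_serverName={value!r}")
```

Any hit from an address outside the management network is worth treating as a compromise indicator for that camera, since the endpoint requires authentication and the device has no patch.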
The legacy of the Mirai botnet continues to present substantial challenges for organizations globally, with the proliferation of malware-based botnets remaining a prominent threat. The accessibility of tutorials and source code, coupled with emerging AI capabilities, has made it easier for adversaries to deploy botnets, rendering vigilance and robust security measures essential for protection in this evolving landscape.