A security flaw in the Edimax IC-7100 network camera has been exploited by hackers to spread Mirai botnet malware since May 2024. According to Akamai analysts, a proof-of-concept exploit has been available since June 2023, which suggests earlier attack attempts.
The vulnerability, CVE-2025-1316, is a critical OS command injection flaw with a CVSS score of 9.3. The command injection allows threat actors to run malicious code on the camera by sending a special request to the camera’s system, tricking users into executing the commands.
Hackers target the camera's settings page to insert malicious commands into the NTP_serverName option. While attackers require login access, it has been observed that they are using the default username and password to break in and deploy the malware. The final goal is suspected to be clustering all the affected devices into a botnet and launching DDoS attacks against target systems.
Hackers are also exploiting other known vulnerabilities, including CVE-2024-7241, CVE-2021-36220, and a flaw in Hadoop YARN.
Edimax, in its advisory, said that the vulnerability impacts discontinued camera models and confirmed that it will not provide any patches because the source code and development environment are unavailable.
Akamai stated that hackers target old, poorly secured devices to create botnets. Mirai malware has been around for years and continues to infect thousands of devices worldwide. With all sorts of freely available tutorials and source code, creating botnets has become easier than ever for cybercriminals.
Hence, users must act to protect their devices. To stay safe, upgrade to a newer supported camera model, do not connect the device directly to the internet, and monitor device logs for any suspicious activity.
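One way to act on the log-monitoring advice, as an added example that is not code from the article, Akamai or Edimax: it scans access-log lines for an NTP_serverName value that is not a plain hostname or IPv4 address. It assumes a reverse proxy or gateway in front of the camera writes combined-format access logs with the full request URI; the `/PLACEHOLDER` path and the sample lines are constructed.

```python
import re
from urllib.parse import unquote_plus

# Request line of a combined-format access log entry (assumed log source).
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Option named in the article; the value runs to the next '&' delimiter.
PARAM_RE = re.compile(r'NTP_serverName=([^&]*)', re.IGNORECASE)
# Allowlist: a legitimate NTP server value is a plain hostname or IPv4 address.
VALID_HOST_RE = re.compile(r'[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?')

# Constructed sample lines; the path is a placeholder, not the camera's real one.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Mar/2025:08:01:12 +0000] "GET /PLACEHOLDER?NTP_serverName=pool.ntp.org HTTP/1.1" 200 312',
    '198.51.100.7 - - [10/Mar/2025:08:03:40 +0000] "GET /PLACEHOLDER?NTP_serverName=pool.ntp.org%3Becho+test HTTP/1.1" 200 312',
    '203.0.113.5 - - [10/Mar/2025:08:04:02 +0000] "GET /PLACEHOLDER?src=NTP_serverName%3D%2524%2528id%2529 HTTP/1.1" 200 312',
]


def decode_rounds(value, max_rounds=3):
    """Yield value, then each further percent-decoding (catches double encoding)."""
    yield value
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            return
        value = decoded
        yield value


def find_suspicious_ntp_values(log_lines):
    """Return (client_ip, decoded_value) pairs whose value is not a plain host."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, uri = m.groups()
        for view in decode_rounds(uri):  # the name itself may be encoded/nested
            for raw in PARAM_RE.findall(view):
                value = list(decode_rounds(raw))[-1]
                hit = (client, value)
                if value and not VALID_HOST_RE.fullmatch(value) and hit not in hits:
                    hits.append(hit)
    return hits


if __name__ == "__main__":
    for client, value in find_suspicious_ntp_values(SAMPLE_LOG):
        print(f"ALERT {client} NTP_serverName={value!r}")
```

Values carried in a request body do not reach an access log, so this covers only what the proxy records in the URI.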