Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year

Mar 17, 2025Ravie LakshmananBotnet / Vulnerability

An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirat botnet malware variants since at least May 2024.

The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to achieve remote code execution on susceptible devices by means of a specially crafted request.

Web infrastructure and security company Akamai said the earliest exploit attempt targeting the flaw dates back to May 2024, although a proof-of-concept (PoC) exploit has been publicly available since June 2023.

“The exploit targets the /camera-cgi/admin/param.cgi endpoint in Edimax devices, and injects commands into the NTP_serverName option as part of the ipcamSource option of param.cgi,” Akamai researchers Kyle Lefton and Larry Cashdollar said.

While weaponizing the endpoint requires authentication, it has been found that the exploitation attempts are making use of default credentials (admin:1234) to obtain unauthorized access.

At least two different Mirai botnet variants have been identified as exploiting the vulnerability, with one of them also incorporating anti-debugging functionality prior to running a shell script that retrieves the malware for different architectures.

The end goal of these campaigns is to corral the infected devices into a network capable of orchestrating distributed denial-of-service (DDoS) attacks against targets of interest over TCP and UDP protocols.

Furthermore, the botnets have been observed exploiting CVE-2024-7214, which affects TOTOLINK IoT devices, and CVE-2021-36220, and a Hadoop YARN vulnerability.

In an independent advisory published last week, Edimax said the CVE-2025-1316 affects legacy devices that are no longer actively supported and that it has no plans to provide a security patch since the model was discontinued over 10 years ago.

Given the absence of an official patch, users are advised to either upgrade to a newer model, or avoid exposing the device directly over the internet, change the default admin password, and monitor access logs for any signs of unusual activity.

“One of the most effective ways for cybercriminals to start assembling a botnet is to target poorly secured and outdated firmware on older devices,” Akamai said.

“The legacy of Mirai continues to plague organizations worldwide as the propagation of Mirai malware–based botnets shows no signs of stopping. With all sorts of freely available tutorials and source code (and, now, with AI assistance) spinning up a botnet has become even easier.”

Upgrade your audio game with the Logitech for Creators Blue Yeti USB Microphone. With over 33,730 ratings and an impressive 4.6 out of 5 stars, it’s no wonder this is an Amazon’s Choice product. Recently, 5K+ units were purchased in the past month.

Available in five stunning colors: Teal, Silver, Pink Dawn, Midnight Blue, and Blackout, this microphone is perfect for creators looking to produce exceptional audio. Priced at only $84.99, it’s a deal you can’t afford to miss.

Elevate your recordings with clear broadcast-quality sound and explore your creativity with enhanced effects, advanced modulation, and HD audio samples. Order now for just $84.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!