An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirai botnet malware variants since at least May 2024.
The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to achieve remote code execution on susceptible devices by means of a specially crafted request.
Web infrastructure and security company Akamai said the earliest exploit attempt targeting the flaw dates back to May 2024, although a proof-of-concept (PoC) exploit has been publicly available since June 2023.
“The exploit targets the /camera-cgi/admin/param.cgi endpoint in Edimax devices, and injects commands into the NTP_serverName option as part of the ipcamSource option of param.cgi,” Akamai researchers Kyle Lefton and Larry Cashdollar said.
While weaponizing the endpoint requires authentication, it has been found that the exploitation attempts are making use of default credentials (admin:1234) to obtain unauthorized access.
At least two different Mirai botnet variants have been identified as exploiting the vulnerability, with one of them also incorporating anti-debugging functionality prior to running a shell script that retrieves the malware for different architectures.
The end goal of these campaigns is to corral the infected devices into a network capable of orchestrating distributed denial-of-service (DDoS) attacks against targets of interest over TCP and UDP protocols.
Additionally, the botnets have been observed exploiting CVE-2024-7214, which impacts TOTOLINK IoT devices, CVE-2021-36220, and a Hadoop YARN vulnerability.
In an independent advisory published last week, Edimax said CVE-2025-1316 impacts legacy devices that are no longer actively supported and that it has no plans to provide a security patch because the model was discontinued over 10 years ago.
Given the absence of an official patch, users are advised to either upgrade to a newer model or, failing that, avoid exposing the device directly to the internet, change the default admin password, and monitor access logs for any signs of unusual activity.
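Akamai's description gives defenders two concrete things to look for: requests to the /camera-cgi/admin/param.cgi endpoint, and an NTP_serverName value inside the ipcamSource option that is not a plain hostname. The script below is an added detection example written for this page, not code from Akamai or Edimax. It assumes that a reverse proxy or network sensor in front of the camera records requests in Apache/nginx "combined" access-log format (the camera itself may not log this way); the sample log lines are constructed, with RFC 5737 documentation addresses. Rather than blocklisting shell metacharacters, it allowlists what a legitimate NTP server value can contain (hostname or IPv4 characters) and flags everything else.

```python
import re
from urllib.parse import urlsplit, parse_qs

TARGET_PATH = "/camera-cgi/admin/param.cgi"   # endpoint named in Akamai's write-up
TARGET_OPTION = "NTP_serverName"               # option named in Akamai's write-up

# A legitimate NTP server value is a hostname or IPv4 literal: letters, digits,
# dots and hyphens only. Anything else (metacharacters, whitespace, quotes) is
# treated as a tampering attempt. Allowlisting avoids chasing encoding tricks.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$")

# Minimal parser for "combined" access-log lines (log format is an assumption).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3})'
)

# Constructed sample log lines (not real captures). Lines 3 and 4 carry an
# NTP_serverName value that is not a hostname; the others are benign.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2025:08:01:12 +0000] "GET /camera-cgi/admin/param.cgi?action=list&group=Network HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.5 - - [10/Mar/2025:08:01:13 +0000] "GET /camera-cgi/admin/param.cgi?action=update&ipcamSource=NTP_serverName=time.example.org HTTP/1.1" 200 64 "-" "curl/8.0"
198.51.100.7 - - [10/Mar/2025:08:02:40 +0000] "GET /camera-cgi/admin/param.cgi?action=update&ipcamSource=NTP_serverName=time.example.org%3Becho%20probe HTTP/1.1" 200 64 "-" "-"
198.51.100.7 - - [10/Mar/2025:08:02:41 +0000] "GET /camera-cgi/admin/param.cgi?action=update&ipcamSource=NTP_serverName=%60echo%20probe%60 HTTP/1.1" 200 64 "-" "-"
192.0.2.9 - - [10/Mar/2025:08:03:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Split one access-log line into its fields, or return None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def extract_ntp_value(target):
    """Return the NTP_serverName value carried by a param.cgi request, or None."""
    parts = urlsplit(target)
    if parts.path != TARGET_PATH:
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    for source in query.get("ipcamSource", []):
        # ipcamSource itself carries "option=value"; parse_qs has already URL-decoded it,
        # so %3B, %60 and friends are visible here as the real characters.
        option, sep, value = source.partition("=")
        if sep and option == TARGET_OPTION:
            return value
    return None


def flag_line(line):
    """Return a finding dict when the line sets NTP_serverName to a non-hostname value."""
    rec = parse_line(line)
    if rec is None:
        return None
    value = extract_ntp_value(rec["target"])
    if value is None or HOSTNAME_RE.match(value):
        return None
    return {"ip": rec["ip"], "ts": rec["ts"], "status": rec["status"], "ntp_value": value}


def scan(log_text):
    """Run flag_line over every line of a log and collect the findings."""
    return [f for f in (flag_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"{finding['ts']} {finding['ip']} status={finding['status']} "
              f"NTP_serverName={finding['ntp_value']!r}")
```

A status of 200 on a flagged line is the worrying case: per the article the endpoint requires authentication, so a successful write strongly suggests the default admin:1234 credentials are still in place. Pairing this check with an alert on repeated 401 responses to the same endpoint from one source covers the credential-guessing stage as well.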
“One of the most effective ways for cybercriminals to start assembling a botnet is to target poorly secured and outdated firmware on older devices,” Akamai said.
“The legacy of Mirai continues to plague organizations worldwide as the propagation of Mirai malware-based botnets shows no signs of stopping. With all sorts of freely available tutorials and source code (and, now, with AI assistance), spinning up a botnet has become even easier.”