CVE-2025-1316 - PatchNow

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-03-04

Added to CISA KEV: 2025-03-19 15 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity
Immediately isolate affected Edimax IC-7100 cameras from internet access and place behind firewall/VPN
Contact Edimax support for patches as vendor has been unresponsive to CISA coordination efforts
Implement network segmentation to isolate IP cameras from critical systems
Monitor camera access logs and network traffic for suspicious activity
Consider replacing devices if vendor continues to be unresponsive to security issues
PATCH PRIORITY: CRITICAL - Active exploitation with RCE capability

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-1316 is an OS command injection vulnerability affecting Edimax IC-7100 IP cameras ^[4] ^[3].

Active Exploitation and Threat Actors

The vulnerability has been actively exploited in the wild by multiple Mirai-based botnets ^[3]. Threat actors use the vulnerability to execute shell scripts that download and run Mirai malware payloads on the affected devices ^[2] ^[3]. It was added to CISA's Known Exploited Vulnerabilities (KEV) catalog in 2025 ^[4].

Attack Method and Requirements

Method: The vulnerability allows for remote OS command injection, enabling attackers to achieve remote code execution (RCE) ^[5].
Requirements: Successful exploitation technically requires authentication ^[1]. However, attackers bypass this requirement by leveraging known default credentials on internet-exposed devices ^[1] ^[3].
Public Exploits: There are public proof-of-concept (PoC) exploits available for this vulnerability ^[6].

Impact

Successful exploitation provides attackers with the ability to execute arbitrary commands on the camera, typically leading to the device being co-opted into a Mirai botnet ^[2] ^[3].

Affected Products and Mitigation

Affected Products: The vulnerability is confirmed to impact Edimax IC-7100 IP cameras, though it is believed other Edimax IoT products may also be affected ^[3].
Patch Status: Edimax has indicated that no patches will be released for this vulnerability ^[1].
Mitigation: Users are advised to change default credentials and monitor device access logs for unusual activity ^[1]. If mitigations are unavailable, CISA guidance suggests discontinuing the use of the product ^[7].

Sources

Edimax Says No Patches Coming for Zero-Day Exploited by Botnets
Akamai pointed out that exploitation of CVE-2025-1316 requires authentication, but threat actors have completed this requirement by relying ... Akamai pointed out that exploitation of CVE-2025-1316 requires authentication, but threat actors have completed this requirement by relying on the fact that…
CISA Warns of Edimax IP Camera OS Command Injection Vulnerability ...
The threat actors exploit this remote command execution capability to run shell scripts that download Mirai malware payloads from remote servers. Despite evidence of active exploitation, CISA has not yet added CVE-2025-1316 to its Known Exploited Vulnerabilities (KEV) catalog, which serves as “the a…
Unpatched Edimax Camera Flaw Exploited Since at Least May 2024
Once they successfully access a device and exploit the vulnerability, the attackers execute commands to download and execute the main Mirai payload. Exploitation of CVE-2025-1316 requires authentication, but Akamai noticed that threat actors have been completing this requirement by accessing targete…
CVE-2025-1316 Detail - NVD
This CVE is in CISA's Known Exploited Vulnerabilities Catalog ; Edimax IC-7100 IP Camera OS Command Injection Vulnerability, 03/19/2025, 04/09/2025 ...
CVE-2025-1316 - Vulnerability-Lookup
Risk evaluation: Successful exploitation of this vulnerability could allow an attacker to send specially crafted requests to achieve remote code execution on ...
CVE-2025-1316 - Edimax IC-7100 IP Camera OS Command Injection...
CVE-2025-1316 has a 2 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.The following table lists the changes that have been made to the CVE-2025-1316 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnera…
NVD - CVE-2025-1316
CVE-2025-1316 Detail. Description.Due Date. Required Action. Edimax IC-7100 IP Camera OS Command Injection Vulnerability. 03/19/2025. 04/09/2025. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are u…

🔴 CVE-2025-1316