The unearned security flaws affecting the edimax IC-7100 network cameras have been leveraged by threat actors to provide the Mirat Botnet malware variant since at least May 2024.
The vulnerability in question is CVE-2025-1316 (CVSS V4 score: 9.3). This is a critical operating system command injection flaw that attackers can utilize to achieve remote code execution on sensitive devices through specially written requests.
Web infrastructure and security company Akamai has been making the earliest exploit attempt to target defect dates through May 2024, but has been published since June 2023.
“The exploit targets the /camera-cgi/admin/admin/param.cgi endpoint on the edimax device and injects the command into the ntp_servername option as part of the IPCamsource option in param.cgi.
Although authentication is required to weaponize an endpoint, it is known that attempts to exploit are using default credentials (admin:1234) to obtain unauthorized access.
At least two different Mirai Botnet variants have been identified as exploiting the vulnerability, one of which also incorporates real estate prevention features before running a shell script to retrieve malware from different architectures.
The ultimate goal of these campaigns is to surround infected devices with a network that can coordinate distributed denial of distribution (DDOS) attacks against targets of interest through the TCP and UDP protocols.
Additionally, botnets have been observed using CVE-2024-7214, which affects vulnerabilities in Totolink IoT devices, CVE-2021-36220, and Hadoop Yarn.
In an independent recommendation released last week, Edimax said that CVE-2025-1316 has affected legacy devices that are no longer actively supported, and that there is no plan to provide security patches since the model was discontinued more than a decade ago.
Given the lack of official patches, it is recommended that users upgrade to a new model or not publish their devices directly on the Internet, change their default admin password, and monitor their access logs for indications of unusual activity.
“One of the most effective ways for cybercriminals to start assembling a botnet is to target poorly secure and outdated firmware on older devices,” Akamai said.
“Mirai’s legacy continues to plague organizations around the world as Mirai malware-based botnet propagation shows no indication of a halt,” he said. “All kinds of freely available tutorials and source code (and now with AI support) have made it even easier to spin the botnet.”
Source link
