- Vulnerability in an old camera is used to create a botnet
- The camera is no longer supported by its supplier and will not receive a patch
- It is advisable for users to go to a more recent model
Security researchers warn cybercriminals abuse an order injection vulnerability in an old IP camera to build a botnet.
The IC-7100, manufactured by a manufacturer of Taiwanese networking equipment called EDIMAX, is vulnerable to a lack of command injection caused by the incorrect neutralization of incoming requests, revealed Akamai safety researchers.
Akamai says that a malicious group uses this defect at the moment to build a botnet – but we do not know which botnet, nor its size – although generally, botnets are used in DDOS attacks, illegal proxy services, advertising click fraud, and more.
Obtain confidential information
The defect is followed as CVE-2025-1316 and has a gravity score of 9.3 / 10 (critic). It allows threat actors to send a request made on personality to the device, and thus obtain distant code execution capacities (RCE).
The American Cybersecurity and Infrastructure Safety Agency (CISA) would have tried to reach out to Edimax, in vain. Akamai was a little lucky, than Edimax said that the camera reached the end of life and was no longer taken care of. However, the manufacturer has not said that if other more recent models were also sensitive to the same defect and if it would be for that anytime soon.
The Edimax IC-7100 is a network camera designed for monitoring small businesses and small businesses. It is used by owners, small businesses and retail stores, in offices and by remote workers. It was published in 2011 and its stop date is not specified. Unfortunately, many owners do not keep a trace of obsolete equipment and continue to use hardware and software that is no longer taken care of, endangering themselves.
Unfortunately, the only way to defend yourself against this attack is to remove the cameras and replace them with more recent and supported models. Putting it behind the firewall could help alleviate the risk, but it will not eliminate it entirely.
Via Bleeping Compompute
