Jump to the main content block
  1. Home
  2. Information Security
  3. Vulnerability Alert

【Vulnerability Alert】 Edimax IC-7100 Contains High-Risk RCE Vulnerability (CVE-2025-1316), Exploited by Attackers – Immediate Security Measures Recommended

publish date : 2025-03-17 update date : 2025-03-17

Security Vulnerability Alert: CVE-2025-1316
Vulnerability Details
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding a remote code execution (RCE) vulnerability in the Edimax IC-7100 network camera. This vulnerability allows attackers to execute arbitrary code remotely through specially crafted requests, potentially integrating the device into the Mirai botnet.
All versions of the IC-7100 are affected. The CVSS 3.1 severity score is 9.8 (out of 10), while the CVSS 4.0 score is 9.3, categorizing it as a critical security risk.
Security firm Akamai has reported that multiple Mirai botnets have been exploiting this vulnerability since Fall 2024. Additionally, many users have not changed default credentials, making it easier for attackers to gain unauthorized access and execute malicious commands.


Affected Scope
•    Affected Product: Edimax IC-7100 Network Camera
•    Affected Versions: All versions (This product has been discontinued for 10 years and is no longer supported)
•    Affected Devices: Any device still using the IC-7100


Recommended Actions
As the IC-7100 has reached its end-of-life (EOL) and no security patches are available, users are strongly advised to take the following precautions:
1.    Remove or Replace the Device: Since the manufacturer will not provide patches, discontinue use of the IC-7100 and switch to a supported product.
2.    Restrict Network Access: Avoid exposing the camera to the public internet. Use firewalls or NAT to limit external access.
3.    Change Default Credentials: Update the administrator password immediately and avoid using factory default settings.
4.    Monitor Device Activity: Regularly review access logs for unusual connections or unauthorized access attempts.


References
•    https://www.ithome.com.tw/news/167767
•    https://www.edimax.com/edimax/post/post/data/edimax/global/press_releases/4802/


 Reminder: This vulnerability has already been actively exploited by attackers. Affected users should take immediate security measures to mitigate potential risks.
 

Organizer: Computer Center
Click Num:
Print