Unpatched Edimax Camera Flaw Fuels Mirai Botnet Attacks


A serious security vulnerability in the Edimax IC-7100 network camera has been actively exploited by cybercriminals to deploy Mirai botnet malware variants since at least May 2024. The flaw, tracked as CVE-2025-1316, is a critical operating system command injection vulnerability with a CVSS v4 score of 9.3. Attackers can leverage this weakness to execute remote code on affected devices through specially crafted requests.

Edimax Camera Exploit: A Gateway for Mirai Malware

Security firm Akamai has traced the earliest known exploit attempts of this flaw back to May 2024, even though a proof-of-concept (PoC) exploit has been publicly available since June 2023.

According to cybersecurity experts Kyle Lefton and Larry Cashdollar from Akamai, attackers are targeting the vulnerable endpoint /camera-cgi/admin/param.cgi in Edimax devices, injecting malicious commands through the NTP_serverName option within the ipcamSource parameter.

Although the endpoint requires authentication, attackers are getting past it by logging in with the default credentials (admin:1234). Leaving the default password in place makes it easier for cybercriminals to reach the vulnerable parameter and exploit the flaw.

Mirai Botnet Variants Leveraging the Vulnerability

At least two distinct Mirai botnet variants have been observed exploiting CVE-2025-1316. One variant even includes anti-debugging techniques before executing a shell script that downloads the malware for multiple architectures.

The primary objective of these botnets is to recruit compromised devices into a network capable of launching large-scale DDoS (Distributed Denial-of-Service) attacks over TCP and UDP. These attacks overwhelm target systems, causing service disruption and financial damage.

Mirai Botnet Expands Scope: Other Exploited Vulnerabilities

Besides targeting Edimax devices, Mirai botnets have been found exploiting several other vulnerabilities, including:

  • CVE-2024-7214 – Affecting TOTOLINK IoT devices
  • CVE-2021-36220 – A serious security risk
  • Hadoop YARN vulnerability – Used for launching botnet campaigns

Edimax Responds: No Security Patch for Legacy Devices

In an independent advisory released last week, Edimax confirmed that CVE-2025-1316 affects legacy devices no longer supported. Since the IC-7100 model was discontinued over 10 years ago, the company has no plans to release a security patch.

Given the lack of an official fix, cybersecurity experts recommend users take the following precautions:

  • Upgrade to a newer, actively supported model
  • Avoid exposing the device directly to the internet
  • Change the default admin password immediately
  • Monitor access logs for unusual activity
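One way to act on the log-monitoring advice, shown as an added example that is not from Akamai, Edimax or the original article: it scans web or reverse-proxy access logs for requests to the endpoint named above and flags any NTP_serverName value containing characters that a hostname or IP address would never contain. The log layout, the way NTP_serverName is nested inside ipcamSource, and all sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/camera-cgi/admin/param.cgi"        # endpoint named in the article
SAFE_VALUE = re.compile(r"[A-Za-z0-9.\-:]*")    # hostname or IP address only
# Assumed log layout: client IP first, request line in double quotes.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IPs, placeholder payload).
SAMPLE_LOG = [
    '192.0.2.10 - admin [01/Mar/2025:10:00:00 +0000] "GET /camera-cgi/admin/param.cgi'
    '?ipcamSource=NTP_serverName%3Dtime.example.org HTTP/1.1" 200 12',
    '198.51.100.23 - admin [01/Mar/2025:10:05:00 +0000] "GET /camera-cgi/admin/param.cgi'
    '?ipcamSource=NTP_serverName%3Dtime.example.org%3BPLACEHOLDER HTTP/1.1" 200 12',
    '192.0.2.10 - - [01/Mar/2025:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 512',
]

def deep_unquote(text, rounds=3):
    """Undo up to `rounds` layers of URL-encoding."""
    for _ in range(rounds):
        text = unquote(text)
    return text

def ntp_values(target, rounds=3):
    """Yield NTP_serverName values visible at each URL-decoding depth."""
    for _ in range(rounds):
        yield from re.findall(r"NTP_serverName=([^&\s]*)", target)
        target = unquote(target)

def suspicious_requests(lines):
    """Return (client_ip, decoded_value) for requests to the endpoint whose
    NTP_serverName holds anything other than hostname characters."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m or not m.group(2).startswith(ENDPOINT):
            continue
        decoded = (deep_unquote(v) for v in ntp_values(m.group(2)))
        bad = next((v for v in decoded if not SAFE_VALUE.fullmatch(v)), None)
        if bad is not None:
            hits.append((m.group(1), bad))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"review {ip}: NTP_serverName={value!r}")
```

Access logs usually omit request bodies, so a value sent in a POST body will not show up here; in that case treat any request to the endpoint from an unexpected source address as worth reviewing.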

The Ongoing Threat of Mirai Botnets

Akamai warns that cybercriminals continue to exploit outdated firmware and weak security settings to expand Mirai-based botnet networks. The widespread availability of Mirai’s source code, hacking tutorials, and AI-assisted tools has made it easier than ever for attackers to create botnets.

“With unpatched, poorly secured devices still in operation, the threat from Mirai botnets remains persistent,” Akamai researchers stated. Organizations and individuals must remain vigilant by securing their devices and staying informed about emerging threats.

Final Thoughts: Secure Your IoT Devices Now

With Mirai botnets showing no signs of slowing down, users must take proactive steps to secure their IoT devices. By upgrading to newer models, implementing strong security practices, and staying informed about vulnerabilities, individuals and businesses can mitigate the risk of falling victim to cyberattacks.
