Unpatched Edimax Camera Flaw Exploited to Deploy Mirai Botnet Malware

A critical security vulnerability in the Edimax IC-7100 network camera is being actively exploited by cybercriminals to distribute Mirai botnet malware variants, according to researchers.

Tracked as CVE-2025-1316 (CVSS v4 score: 9.3), the flaw is an operating system command injection vulnerability that enables remote code execution when exploited through a specially crafted request.

Exploitation and Attack Methods

Researchers at Akamai revealed that cybercriminals have been targeting this flaw since May 2024, although a proof-of-concept (PoC) exploit has been publicly available since June 2023. The exploit manipulates the /camera-cgi/admin/param.cgi endpoint, injecting malicious commands into the NTP_serverName option of the ipcamSource parameter.

Although the endpoint requires authentication, attackers get past it by logging in with the default credentials (admin:1234), which gives them unauthorized access.

Mirai Botnet Deployment

At least two distinct Mirai botnet variants have been detected exploiting the flaw. One variant includes anti-debugging features before executing a shell script that downloads the malware across multiple architectures.

Once infected, these compromised cameras become part of a botnet, which can launch large-scale distributed denial-of-service (DDoS) attacks against targets via TCP and UDP protocols. Additionally, the attackers have been exploiting other vulnerabilities, including:

  • CVE-2024-7214 (affecting TOTOLINK IoT devices)
  • CVE-2021-36220
  • A Hadoop YARN vulnerability

No Security Patch Available

Edimax issued an advisory confirming that the affected devices are legacy models that have been discontinued for over a decade and that no security patch will be released.

Mitigation Strategies

Since no official fix is expected, users are strongly advised to:

  • Upgrade to a newer model with active security support
  • Avoid exposing the camera directly to the internet
  • Change default credentials immediately
  • Monitor device access logs for unusual activity
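
One way to act on the log-monitoring advice, as an added example that is not code from Akamai or Edimax: the Python sketch below scans HTTP access logs for requests to /camera-cgi/admin/param.cgi whose NTP_serverName value is not a plain hostname or IP address. It assumes the logs come from a gateway or reverse proxy in Common/Combined Log Format and that the option appears in the request's query string; the sample lines and their query layout are constructed.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/camera-cgi/admin/param.cgi"           # endpoint named in the article
OPTION = re.compile(r"NTP_serverName=([^&\s]*)")   # option named in the article
# Allowlist: a legitimate NTP server value is a plain hostname or IPv4 address.
VALID_HOST = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?")
# Assumption: Common/Combined Log Format -> client, method, target, status.
LOG_LINE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def fully_decode(value, rounds=3):
    """Undo layered percent-encoding so nested encoding cannot hide characters."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def ntp_value(query):
    """Return the decoded NTP_serverName value, or None if the option is absent."""
    # Look in the raw query first, then in decoded forms, because the option
    # may sit inside a percent-encoded ipcamSource value.
    for _ in range(3):
        match = OPTION.search(query)
        if match:
            return fully_decode(match.group(1))
        query = unquote(query)
    return None

def find_suspicious(lines):
    """Return (client, status, value) for requests whose NTP value is not a host."""
    hits = []
    for line in lines:
        match = LOG_LINE.match(line)
        if not match:
            continue
        client, _method, target, status = match.groups()
        path, _, query = target.partition("?")
        if unquote(path) != ENDPOINT:
            continue
        value = ntp_value(query)
        if value is not None and not VALID_HOST.fullmatch(value):
            hits.append((client, status, value))
    return hits

# Constructed sample lines (not real traffic; the query layout is an assumption).
SAMPLE_LOG = [
    '192.0.2.10 - admin [12/Mar/2025:10:01:02 +0000] "GET /camera-cgi/admin/param.cgi?ipcamSource=ntp&NTP_serverName=pool.ntp.org HTTP/1.1" 200 312',
    '198.51.100.7 - admin [12/Mar/2025:10:05:40 +0000] "GET /camera-cgi/admin/param.cgi?ipcamSource=ntp&NTP_serverName=%3B%24%28CONSTRUCTED%29 HTTP/1.1" 200 298',
    '198.51.100.7 - admin [12/Mar/2025:10:05:41 +0000] "GET /camera-cgi/admin/param.cgi?ipcamSource=NTP_serverName%3Dtime.example.net%253Bx HTTP/1.1" 200 120',
    '203.0.113.5 - - [12/Mar/2025:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]
```

A hit with a 200 status from an address that also authenticated as admin deserves the closest look, since the article notes that attackers log in with the default credentials first.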

Ongoing Threat from Mirai Botnets

Akamai warns that outdated and poorly secured firmware in IoT devices remains a prime target for cybercriminals seeking to build botnets. The Mirai malware continues to evolve, and with easily accessible tutorials, open-source code, and AI-powered automation, launching a botnet has become easier than ever.