- A vulnerability in an old camera is being used to create a botnet
- The camera is no longer supported by its vendor and will not receive a patch
- Users are advised to move to a newer model
Security researchers are warning cybercriminals are abusing a command injection vulnerability in an old IP camera to build out a botnet.
The IC-7100, manufactured by a Taiwanese networking gear maker called Edimax, is vulnerable to a command injection flaw caused by the improper neutralization of incoming requests, security researchers from Akamai found.
Akamai says that a malicious group is using this flaw right now to build out a botnet – however it isn’t known which botnet, or how big it is – although usually, botnets are used in DDoS attacks, illegal proxy services, ad click fraud, and more.
Obtaining confidential information
The flaw is tracked as CVE-2025-1316, and has a severity score of 9.3/10 (critical). It allows threat actors to send a custom-crafted request to the device, and thus gain remote code execution (RCE) capabilities.
The US Cybersecurity and Infrastructure Security Agency (CISA) reportedly tried reaching out to Edimax, to no avail. Akamai was somewhat luckier, being told by Edimax that the camera reached end-of-life and was no longer supported. However, the manufacturer did not say if other, newer models, were also susceptible to the same flaw, and if it would be addressing it any time soon.
The Edimax IC-7100 is a network camera designed for home and small business surveillance. It is used by homeowners, small businesses & retail stores, in offices, and by remote workers. It was released in 2011, and its discontinuation date isn’t specified. Unfortunately, many owners don’t keep track of outdated gear, and continue to use hardware and software that is no longer supported, putting themselves at risk.
Unfortunately, the only way to defend against this attack is to remove the cameras and replace them with newer, supported models. Putting it behind the firewall might help mitigate the risk, but it won’t eliminate it entirely.
Via BleepingComputer
Leave a comment