Edimax acknowledges exploited vulnerability in IC-7100 cameras, no patch

Edimax acknowledges exploited vulnerability in IC-7100 cameras, no patch

Taiwan-based networking solutions provider Edimax has issued a security advisory acknowledging a vulnerability in one of its legacy camera models, the Edimax IC-7100.

However, the company said that no security patches or firmware updates will be released because the said model was discontinued more than ten years ago, and is no longer supported with technical assistance or firmware updates.

“The Edimax IC-7100 is a legacy product that was discontinued over 10 years ago, and its technical support and firmware maintenance were officially terminated,” the company said. “Due to the unavailability of the development environment and source code, we regret to inform that no security patch or firmware update can be provided for this product.”

The vulnerability, tracked as CVE-2025-1316, was discovered by researchers at Akamai, who said that the flaw as being actively exploited by several Mirai-based botnets.

According to Akamai, the Mirai botnet exploits CVE-2025-1316 by running a shell script that downloads a Mirai payload after compromising a device. Despite requiring authentication, threat actors have been able to leverage the fact that many devices still rely on default credentials, making them easy targets for exploitation.

In a security advisory released last week, CISA provided details on CVE-2025-1316, though the agency did not confirm active exploitation at that time.

This week, CISA updated its Known Exploited Vulnerabilities (KEV) catalog with a slew of vulnerabilities impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM).

These included:

  • CVE-2024-57968: An unrestricted file upload vulnerability in Advantive VeraCore that could allow remote, unauthenticated attackers to upload files to unintended directories.

  • CVE-2025-25181: An SQL injection vulnerability in Advantive VeraCore, which allows attackers to execute arbitrary SQL commands.

  • CVE-2024-13159, CVE-2024-13160, CVE-2024-13161: Multiple absolute path traversal vulnerabilities in Ivanti Endpoint Manager (EPM), which allow attackers to leak sensitive information remotely without authentication.

Also, Taiwanese company Moxa specializing in industrial networking solutions, has released a patch addressing CVE-2024-12297, a flaw in its PT switches that could allow attackers to bypass authentication protections.

 

Back to the list

Latest Posts

New Ballista botnet targets unpatched TP-Link Archer routers

New Ballista botnet targets unpatched TP-Link Archer routers

More than 6,000 devices have already been infected by Ballista.
11 March 2025
Critical PHP flaw comes under mass-exploitation

Critical PHP flaw comes under mass-exploitation

If successfully exploited, the flaw could allow attackers to execute arbitrary code.
11 March 2025
Edimax acknowledges exploited vulnerability in IC-7100 cameras, no patch

Edimax acknowledges exploited vulnerability in IC-7100 cameras, no patch

No security patches or firmware updates will be released because the product was discontinued more than ten years ago.
11 March 2025
Popular Posts
Featured vulnerabilities
IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component update for OpenSSL
Medium Patched | 12 Mar, 2025
Multiple vulnerabilities in IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component
Medium Patched | 12 Mar, 2025
Multiple vulnerabilities in IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component
Medium Patched | 12 Mar, 2025
Multiple vulnerabilities in IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component
Medium Patched | 12 Mar, 2025
Denial of service in hostapd
Medium Patched | 12 Mar, 2025