Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year
Edimax IC-7100网络摄像头因未修补的CVE-2025-1316漏洞(CVSS v4评分9.3)被攻击者利用传播Mirai僵尸网络恶意软件。该漏洞允许通过构造请求注入命令,攻击者利用默认密码获取访问权限。至少两种Mirai变种被发现利用此漏洞,并结合其他漏洞攻击TOTOLINK设备和Hadoop YARN。Edimax表示该漏洞影响已停产设备,无补丁计划。建议用户升级或采取安全措施。 2025-3-17 13:12:0 Author: thehackernews.com(查看原文) 阅读量:36 收藏

Mirai Botnet Attacks

An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirat botnet malware variants since at least May 2024.

The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to achieve remote code execution on susceptible devices by means of a specially crafted request.

Web infrastructure and security company Akamai said the earliest exploit attempt targeting the flaw dates back to May 2024, although a proof-of-concept (PoC) exploit has been publicly available since June 2023.

Cybersecurity

"The exploit targets the /camera-cgi/admin/param.cgi endpoint in Edimax devices, and injects commands into the NTP_serverName option as part of the ipcamSource option of param.cgi," Akamai researchers Kyle Lefton and Larry Cashdollar said.

While weaponizing the endpoint requires authentication, it has been found that the exploitation attempts are making use of default credentials (admin:1234) to obtain unauthorized access.

At least two different Mirai botnet variants have been identified as exploiting the vulnerability, with one of them also incorporating anti-debugging functionality prior to running a shell script that retrieves the malware for different architectures.

The end goal of these campaigns is to corral the infected devices into a network capable of orchestrating distributed denial-of-service (DDoS) attacks against targets of interest over TCP and UDP protocols.

Mirai Botnet Attacks

Furthermore, the botnets have been observed exploiting CVE-2024-7214, which affects TOTOLINK IoT devices, and CVE-2021-36220, and a Hadoop YARN vulnerability.

In an independent advisory published last week, Edimax said the CVE-2025-1316 affects legacy devices that are no longer actively supported and that it has no plans to provide a security patch since the model was discontinued over 10 years ago.

Cybersecurity

Given the absence of an official patch, users are advised to either upgrade to a newer model, or avoid exposing the device directly over the internet, change the default admin password, and monitor access logs for any signs of unusual activity.

"One of the most effective ways for cybercriminals to start assembling a botnet is to target poorly secured and outdated firmware on older devices," Akamai said.

"The legacy of Mirai continues to plague organizations worldwide as the propagation of Mirai malware–based botnets shows no signs of stopping. With all sorts of freely available tutorials and source code (and, now, with AI assistance) spinning up a botnet has become even easier."

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.


文章来源: https://thehackernews.com/2025/03/unpatched-edimax-camera-flaw-exploited.html
如有侵权请联系:admin#unsafe.sh