CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Dashboard
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad

CVE-2025-1316
9.884.08%

Return of the Living Dead: Edimax IC-7100 Command Injection (CVE-2025-1316)

Alon Barad
Alon Barad
Software Engineer

Jan 6, 2026·6 min read·28 visits

Active ExploitationCISA KEV Listed

Executive Summary (TL;DR)

The Edimax IC-7100 IP camera has a critical RCE vulnerability in its NTP configuration setting. By appending shell metacharacters to the `NTP_serverName` parameter, attackers can hijack the device. The vendor has abandoned the product (End-of-Life), leaving no official patch. If you have one, unplug it. It's already likely part of a botnet.

A classic, unpatched OS Command Injection vulnerability in the End-of-Life Edimax IC-7100 IP camera allows remote attackers to execute arbitrary code as root. Actively exploited by Mirai botnets since May 2024, this vulnerability demonstrates the persistent danger of 'zombie' IoT devices.

Technical Appendix

CVSS Score
9.8/ 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Probability
84.08%
Top 1% most exploited

Affected Systems

Edimax IC-7100 IP Camera (All Versions)

Affected Versions Detail

Product
Affected Versions
Fixed Version
IC-7100 IP Camera
Edimax
All VersionsNone (EoL)
AttributeDetail
CWE IDCWE-78 (OS Command Injection)
CVSS v3.19.8 (Critical)
CVSS v4.09.3 (Critical)
Attack VectorNetwork (Remote)
AuthenticationNone Required
EPSS Score0.84082 (99.27th Percentile)
Exploit StatusActive / Widely Exploited (Mirai)

MITRE ATT&CK Mapping

T1190Exploit Public-Facing Application
Initial Access
T1059.004Command and Scripting Interpreter: Unix Shell
Execution
T1105Ingress Tool Transfer
Command and Control
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Known Exploits & Detection

Akamai SIRTAnalysis of active Mirai botnet campaigns targeting this vulnerability.
Packet StormVarious generic Edimax exploits exist, this specific CVE tracks the NTP injection.

Vulnerability Timeline

Earliest detected exploitation by Mirai botnets (Akamai SIRT)
2024-05-01
CISA releases ICS Advisory ICSA-25-063-08
2025-03-04
CVE-2025-1316 Published in NVD
2025-03-05
Added to CISA Known Exploited Vulnerabilities (KEV) Catalog
2025-03-19

References & Sources

  • [1]CISA ICSA-25-063-08 Advisory
  • [2]Akamai SIRT: Negative Exposure

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.