While companies rush to patch the latest security flaws, some vulnerabilities remain unfixed simply because nobody cares anymore. That’s exactly the case with Edimax’s IC-7100 IP cameras, now the target of multiple Mirai-based botnets thanks to a critical command injection vulnerability. The flaw, designated CVE-2025-1316 with a scary 9.3 CVSS score, allows attackers to execute code remotely after authentication.
Discovered by Akamai researchers last fall and disclosed March 4, the vulnerability affects all versions of the decade-old camera. The vulnerability received a CVSS score of 9.8, indicating its extremely high severity and potential impact. Tough luck if you’re still using one. Attackers are having a field day, leveraging default credentials to gain access before deploying shell scripts that download Mirai malware.
Edimax’s response? A collective shrug. The company acknowledged the vulnerability but flat-out refused to develop patches. Their excuse? The cameras were discontinued over ten years ago, they’ve lost the development environment, and the source code is probably collecting digital dust somewhere. Classic corporate amnesia.
CISA’s advisory urged users to contact Edimax for guidance – a laughable suggestion given the company initially couldn’t even be bothered to respond to disclosure attempts. The agency also recommended defensive measures like isolating devices and using firewalls, since removal isn’t always an option. Organizations discovering suspected exploitation are encouraged to report their findings to CISA for tracking and correlation.
The situation highlights the mess that is IoT device lifecycle management. These cameras are still deployed in commercial facilities worldwide, creating perfect targets for botnet recruitment. This represents a significant risk since 60% of businesses close within six months of a cyber attack. Once compromised, they join the army of zombie devices used in DDoS attacks and other cybercrime.
Experts recommend removing the cameras entirely if possible. If not, isolation behind firewalls and network access controls might help. Avoid direct internet exposure like the plague.
The bigger lesson? That cheap camera you installed a decade ago could become tomorrow’s security nightmare. And when it does, don’t expect the manufacturer to care. They’ve moved on to selling newer models – security be damned.
