While many companies rush to secure their latest gadgets, ancient Edimax IC-7100 IP cameras are being hijacked by the thousands. These forgotten relics, discontinued over a decade ago, harbor a critical vulnerability that’s become a hacker’s dream. CVE-2025-1316, with its alarming CVSS score of 9.3, allows complete remote control of these devices. Cybercriminals couldn’t ask for an easier target.
The flaw is embarrassingly simple. Attackers inject malicious code through the /camera-cgi/admin/param.cgi endpoint, specifically targeting the NTP_serverName option. Authentication is required, but that’s hardly a roadblock when most owners never changed the default “admin:1234” credentials. Seriously, people?
The exploit is child’s play—basic code injection meets unchanged default credentials. A hacker’s paradise served on a silver platter.
Mirai botnet variants have been exploiting this vulnerability since May 2024, though proof-of-concept code has been floating around since June 2023. These compromised cameras join massive botnets used to launch devastating DDoS attacks over TCP and UDP protocols. It’s like watching zombie cameras rise from technological graves.
Edimax’s response? A collective shrug. The company acknowledged the vulnerability but explained these products are legacy models unsupported for over 10 years. No patch forthcoming. Their development environment for these dinosaurs no longer exists. Tough luck if you still use one.
Discovered by Akamai’s Security Intelligence and Response Team, the vulnerability was reported to CISA and Edimax in October 2024. CISA published an advisory on March 4, 2025, after Edimax initially ghosted researchers. Nothing like corporate responsibility in action.
For those stuck with these vulnerable cameras, options are limited. Keep them off the internet. Use firewalls. Change those ridiculous default passwords. The malware targets multiple device architectures including ARM, MIPS, and x86, making a wide range of hardware vulnerable. Other Edimax IoT products may also be affected by this zero-day vulnerability. Small businesses are particularly at risk, with 60% shutting down within six months after experiencing such cyber attacks. Or just replace them entirely—probably the smartest move.
The exact number of compromised devices remains unknown, but they’re likely scattered across commercial facilities worldwide. One thing’s certain: as long as these cameras remain online, they’ll continue serving as unwitting soldiers in the ever-expanding Mirai army. Your outdated security camera might be attacking someone else’s network right now.
