CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2025-1316

Critical Severity
Edimax
SVRS
89/100
CVSSv3
9.8/10
EPSS
0.58629/1

CVE-2025-1316 is a critical remote code execution vulnerability affecting Edimax IC-7100 devices. Due to improper neutralization of requests, an attacker can send specially crafted requests to execute arbitrary code on the affected device. With an SVRS score of 89, this vulnerability requires immediate attention and remediation.

The flaw, categorized as CWE-78 (OS Command Injection), allows attackers to gain complete control of the device remotely. Active exploits are already available and the vulnerability has been added to the CISA KEV catalog, increasing the risk of widespread exploitation. Successful exploitation could lead to data breaches, system compromise, and further network penetration. The high SVRS indicates that this vulnerability is actively targeted and poses a significant threat, making prompt patching essential.

TAGS
In The Wild
CISA KEV
Exploit Available
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:N
S:U
C:H
I:H
A:H
PUBLICATION DATE2025-03-05
LAST MODIFIED2025-03-25

Indicators of Compromise

No IOCs found for this CVE

Exploits

TitleSoftware LinkDate
Edimax IC-7100 IP Camera OS Command Injection Vulnerabilityhttps://www.cisa.gov/search?g=CVE-2025-13162025-03-19
Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

The Good, the Bad and the Ugly in Cybersecurity – Week 12
SentinelOne2025-03-21
The Good, the Bad and the Ugly in Cybersecurity – Week 12 | Three new bugs added to CISA's KEV catalog, RaaS affiliates use new custom backdoor, and compromised GitHub Action exposes CI/CD secrets.The Good | CISA Updates Its KEV Catalog, Reminding Users to Prioritize Patch Management CISA has added three newly exploited vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog
sentinelone.com
rss
forum
news
CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation
Ajit Jasrotia2025-03-20
CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup &#38; Replication software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2024-48248 (CVSS score: 8.6), an absolute path traversal bug that could allow an unauthenticated attacker to read files [&#8230;] The post CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation
allhackernews.com
rss
forum
news
U.S. CISA adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini2025-03-20
U.S. CISA adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog | U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: In early March, 2025, US CISA warned that multiple botnets are exploiting a [&#8230;] <h2
securityaffairs.co
rss
forum
news
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA2025-03-19
CISA Adds Three Known Exploited Vulnerabilities to Catalog | CISA has added three new vulnerabilities to its&nbsp;Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. <a class="fui-Link ___1q1shib f2hkw1w f3rmtva f1ewtqcl fyind8e f1k6fduh f1w7gpdv fk6fouc fjoy568 figsok6 f1s184ao f1mk8lai fnbmjn9 f1o700av f13mvf36 f1cmlufx f9n3di6 f1ids18y f1tx3yz7 f1deo86v f1eh06m1 f1iescvh fhgqx19 f1olyrje f1p93eir f1nev41a f1h8hb77 f1lqvz6u f10aw75t fsle3fq f17ae5zn" href="https://www.cve.org/CVERecord?id=CVE-2025-1316" rel="noreferrer noopener" target="_blank" title
cisa.gov
rss
forum
news
Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year
Ajit Jasrotia2025-03-17
Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year | An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirat botnet malware variants since at least May 2024. The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to achieve remote code execution on [&#8230;] The post Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last
allhackernews.com
rss
forum
news
Edimax Camera RCE Vulnerability Exploited to Spread Mirai Malware
Divya2025-03-14
Edimax Camera RCE Vulnerability Exploited to Spread Mirai Malware | A recent alert from the Akamai Security Intelligence and Response Team (SIRT) has highlighted the exploitation of a severe command injection vulnerability in Edimax Internet of Things (IoT) devices. This vulnerability, designated as CVE-2025-1316, has been actively used by multiple botnets to spread Mirai malware. Mirai is notorious for compromising IoT devices and orchestrating distributed [&#8230;] The post Edimax Camera RCE Vulnerability Exploited to Spread Mirai Malware appeared first on
gbhackers.com
rss
forum
news
Zero day escraviza câmeras Edimax em botnets
Da Redação2025-03-11
Zero day escraviza câmeras Edimax em botnets | Botnets estão explorando uma vulnerabilidade crítica na câmera IP Edimax IC-7100, segundo alerta da CISA, agência de segurança cibernética dos EUA. A falha, identificada como CVE-2025-1316, permite a execução remota de comandos por meio de solicitações maliciosas. A CISA alertou que a vulnerabilidade provavelmente não será corrigida, pois os dispositivos afetados atingiram o fim da [&#8230;] Fonte
cisoadvisor.com.br
rss
forum
news

Social Media

𝗠𝗮𝗿𝗰𝗵 𝟮𝟬𝟮𝟱 𝗧𝗵𝗿𝗲𝗮𝘁 𝗟𝗮𝗻𝗱𝘀𝗰𝗮𝗽𝗲 𝗥𝗲𝗽𝗼𝗿𝘁 𝗶𝘀 𝗼𝘂𝘁! 32 new critical vulnerabilities were added to CISA’s KEV catalog, affecting Microsoft, Google, Mozilla, VMware, Juniper, and Apple. Active zero-day exploits include CVE-2025-1316 (Edimax),
0
0
1
Your security camera could be a hacker’s weapon! A critical flaw (CVE-2025-1316, CVSS 9.3) is being actively exploited to spread Mirai botnet malware turning vulnerable devices into cyberattack launchpads! . . . #hacking #kratikal #cve #vapt #iot https://t.co/X7zx83VGkD
1
0
0
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-1316 #Edimax IC-7100 IP #Camera OS Command Injection #Vulnerability https://t.co/6TCE5vdDbD
0
0
0
🚨 Critical flaw in Edimax IC-7100 cameras (CVE-2025-1316) exploited by Mirai botnets since May 2024. No patch available—users urged to upgrade or secure devices. Legacy tech is a goldmine for cybercriminals. #Cybersecurity #IoT #MiraiBotnet #Vulnerability
0
0
0
🔟 Mirai Botnet Exploits Edimax Cameras Through Command Injection Threat level: Low 🟨 Multiple Mirai botnet variants were uncovered exploiting a command injection vulnerability (CVE-2025-1316) in Edimax IoT cameras.
0
0
0
🚨#hack #snaphack📢📢📢 #buyingcontent #monkeyapp #telegramlinks #snapchatleak #crypto #bitcoin ฿ #easymoney #purchasesnaphacking Old Cameras, New Threats 🔥 A critical flaw (CVE-2025-1316, CVSS 9.3) in Edimax IC-7100 cameras is under active attack—turning unpatched devices‼ https://t.co/hnp31RCc5G
0
0
2
🚨#hack #snaphack📢📢📢 #buyingcontent #monkeyapp #telegramlinks #snapchatleak #crypto #bitcoin ฿ #easymoney #purchasesnaphacking Old Cameras, New Threats 🔥 A critical flaw (CVE-2025-1316, CVSS 9.3) in Edimax IC-7100 cameras is under active attack—turning unpatched devices‼ https://t.co/xcqW89pP7d
0
0
3
Warning: Unpatched Edimax IC-7100 flaw (CVE-2025-1316) exploited for Mirai botnet malware since May 2024, enabling DDoS attacks via default credentials. https://t.co/IVNGsnk6YN
0
0
0
Edimax IC-7100 #IPCamera OS Command #Injection #Vulnerability #Exploited In The Wild #CVE-2025-1316 (#CVSS 9.8/10) Edimax IC-7100 IP has reached its End-of-Life #cyberthreatintelligence #cti
0
0
0
🚨CVE Alert: Edimax IC-7100 IP Camera OS Command Injection Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2025-1316 (CVSS 9.8/10) Edimax IC-7100 IP Camera OS Command Injection Vulnerability Impact A successful exploit may allow a remote attacker to achieve https://t.co/ffb6NA4tnX
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
OSEdimaxic-7100_firmware

References

ReferenceLink
[email protected]https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-08
[email protected]https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-08

CWE Details

CWE IDCWE NameDescription
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence