Threat actors have been exploiting an unpatched security weakness affecting Edimax IC-7100 network cameras to distribute Mirai malware variants since at least May 2024.
The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to execute remote code on vulnerable devices through a specially crafted request.
According to web infrastructure and security company Akamai, the earliest exploit attempt targeting the flaw dates back to May 2024, although a proof-of-concept (PoC) exploit has been available since June 2023.
According to Akamai researchers Larry Cashdollar and Kyle Lefton, the exploit targets the /camera-cgi/admin/param.cgi endpoint in Edimax products and injects commands into the NTP_serverName option as part of the ipcamSource option of param.cgi.
Although weaponizing the endpoint requires authentication, exploitation attempts have been found to use default credentials (admin:1234) to gain unauthorized access.
Exploitation of the flaw has been linked to at least two different Mirai malware variants. One of them also has anti-debugging capabilities that run before a shell script retrieves the malware for various architectures.
The end goal of these campaigns is to integrate the compromised devices into a network capable of launching distributed denial-of-service (DDoS) attacks against targets using TCP and UDP protocols.
Additionally, the bots have been found to exploit CVE-2024-7214, which affects TOTOLINK IoT devices, as well as CVE-2021-36220 and a Hadoop YARN vulnerability.
In an independent advisory released last week, Edimax said that CVE-2025-1316 affects legacy products that are no longer actively supported and that it has no plans to offer a security update, since the model was discontinued over ten years ago.
Since there isn't an official patch, users are advised to either switch to a newer model or avoid exposing the device directly to the internet, change the default administrator login, and check access logs for any indication of unusual activity.
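The access-log check recommended above can be scripted. The following is an added example, not code from Akamai or Edimax: it assumes a combined-format access log (from the camera or a reverse proxy in front of it) in which the NTP_serverName parameter is visible in the request URI, and it flags any value that is not a plain hostname or IP address. The sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the article.
TARGET_PATH = "/camera-cgi/admin/param.cgi"
PARAM = "NTP_serverName"
# An NTP server name should be a hostname or IP literal; anything else is suspect.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9.:-]{1,253}")
# Assumed combined-log layout: client IP first, then a quoted "METHOD URI HTTP/x.y".
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_requests(lines):
    """Return (client_ip, decoded_value) for each param.cgi request whose
    NTP_serverName is not a plain hostname or IP address."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, uri = m.groups()
        parts = urlsplit(uri)
        if parts.path != TARGET_PATH:
            continue
        # parse_qs percent-decodes values, so encoded metacharacters are caught too.
        for value in parse_qs(parts.query).get(PARAM, []):
            if not HOSTNAME_RE.fullmatch(value):
                hits.append((client, value))
    return hits


# Constructed sample log lines (documentation IP ranges, harmless placeholder value).
SAMPLE_LOG = [
    '192.0.2.10 - admin [01/May/2024:10:00:00 +0000] '
    '"GET /camera-cgi/admin/param.cgi?NTP_serverName=pool.ntp.org HTTP/1.1" 200 12',
    '198.51.100.7 - admin [01/May/2024:10:05:00 +0000] '
    '"GET /camera-cgi/admin/param.cgi?NTP_serverName=time.example%3Bid HTTP/1.1" 200 12',
    '203.0.113.5 - - [01/May/2024:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client}: suspicious {PARAM} value {value!r}")
```

An allowlist on the expected value format is used instead of a list of known-bad characters, so unfamiliar encodings of shell metacharacters are still flagged.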
According to Akamai, targeting badly secured and outdated firmware on older products is one of the most effective ways for fraudsters to start assembling a botnet.
Companies around the world are still impacted by Mirai's legacy, as the spread of Mirai malware-based botnets shows no signs of slowing down. With the help of numerous freely available tutorials and source code (and, more recently, AI assistance), creating malware has become even simpler.