Negative Exposure: Edimax Network Cameras Used to Spread Mirai
March 17, 2025, 10:05 a.m.
Description
The Akamai Security Intelligence and Response Team (SIRT) has identified a critical command injection vulnerability, CVE-2025-1316, in Edimax IC-7100 IP cameras. This flaw allows attackers to execute arbitrary commands remotely, leading to the integration of these devices into Mirai-based botnets. The vulnerability stems from improper neutralization of special elements in OS commands, enabling remote code execution through specially crafted requests. Despite detection efforts, Edimax has not provided patches, leaving affected devices exposed to ongoing exploitation.
Tags
Date
- Created: March 17, 2025, 9:28 a.m.
- Published: March 17, 2025, 9:28 a.m.
- Modified: March 17, 2025, 10:05 a.m.
Indicators
- ee6f9b6e8f2c0b37b906914cd640b7bde1a903545035eb4861dba5f1ec0317a9
- e2ce2a05d4b70ea4dfacbc60477f2f1fac7b521b28650fe726d77d7999f57759
- c792ce87ba1b0dc37cf3d2d2b4ad3433395ae93e0f1ae9c1140d097d093c1457
- ba8d7017545747bc1bc609277af26a0c8c1fa92541c0290dd9d8570d59faca97
- b8837d659bb88adc0348de027d33d9c17e6d1ee732b025928e477dc2802cb256
- 9f6bfe55961ae4b657dd1e7b3f488b49133cd2cd89d89d3f1052fc5d28287de6
- 9111ad2a4bc21a6c6a45507c59b7e35151b8c909f4bb1238cc2b1d750fc6fe89
- 75ad7e1857d39eb1554c75d1f52aa4c14318896a7aebbc1d10e673aee4c2ca36
- 555ca3b4a1e17f832d477f365a660775acc10d59a51d7cc194e6249b5c0ba58f
- 4d577320b4875fcd7e7e65aece5bd4e3040772e4030a0d671570fcc9337fab72
- 43896ed73bf5565dacacd3921af42b0d0f484f69695187c249ad40d86a3aec59
- 4244ef7ff56a2dab17f06c98131f61460ec9ca7eec6f7cb057d7e779c3079a65
- 40b87a40b2de80bc5a8cc40cd1667a3ded9b01211487a3aea8e11225994b0f21
- 49.12.210.140
- 194.120.230.54
- 172.235.166.240
- 172.232.38.103
- 147.45.199.16
- 193.143.1.118
- 172.232.38.224
- 170.39.193.232
- 93.123.85.135
- 172.235.166.10
- cnc.merisprivate.net
- cnc.ziparchive.xyz
- bot.merisprivate.net
- angela.spklove.com
- virtuehub.one
Attack Patterns
- Mirai
- T1202
- T1071.001
- T1496