IoT, Vulnerability Management, Threat Intelligence

Attacks exploiting Edimax IP camera zero-day ongoing for nearly a year

Credit: Adobe Stock Images

Vulnerable Edimax IP cameras affected by the critical command injection zero-day, tracked as CVE-2025-1316, have been targeted by numerous Mirai-based botnets since May, reports SecurityWeek.

Initial exploitation of the flaw in May was followed by a months-long pause before surging in September and from January to February but the availability of a proof-of-concept exploit since June 2023 suggests earlier attack attempts, according to an analysis from Akamai.

Observed intrusions by the Mirai-based botnets involved the targeting of devices with default credentials to facilitate Mirai deployment, with one of the detected botnets also abusing an unpatched Totolink product flaw, tracked as CVE-2024-7214.

Organizations have been urged to ensure the usage of up-to-date software and firmware to prevent botnet compromise as Edimax disclosed that the vulnerability, which is present in IP cameras that have reached end-of-life over 10 years ago, could no longer be patched due to source code and development environment unavailability.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds