- A vulnerability in an old camera is being used to build a botnet
- The camera is no longer supported by its vendor and will not receive a patch
- Users are advised to move to a newer model
Security researchers warn that cybercriminals are abusing a command injection vulnerability in an old IP camera to build a botnet.
The IC-7100, made by networking gear manufacturer Edimax, is vulnerable to a command injection flaw caused by inadequate neutralization of incoming requests, Akamai security researchers found.
Akamai says that a malicious group is currently using this flaw to build a botnet. It is not known which botnet it is or how big it is, although botnets are generally used for DDoS attacks, illegal proxy services, ad-click fraud, and more.
Obtain confidential information
The flaw is tracked as CVE-2025-1316 and has a severity score of 9.3/10 (critical). It allows threat actors to send a specially crafted request to the device and thereby obtain remote code execution (RCE) capabilities.
According to reports, the United States Cybersecurity and Infrastructure Security Agency (CISA) tried to reach Edimax, in vain. Akamai was somewhat more fortunate: Edimax told it that the camera had reached end of life and was no longer supported. However, the manufacturer did not say whether other, newer models were also susceptible to the same flaw, or whether it would address it soon.
The Edimax IC-7100 is a network camera designed for home and small business surveillance. It is used by homeowners, small businesses and retail stores, offices, and remote workers. It was released in 2011, and its discontinuation date is not specified. Unfortunately, many owners do not keep track of obsolete equipment and continue to use hardware and software that is no longer supported, putting themselves at risk.
Unfortunately, the only way to defend against this attack is to remove the cameras and replace them with newer, supported models. Putting them behind a firewall could help mitigate the risk, but it will not eliminate it completely.
Via BleepingComputer