Taiwan-based networking solutions provider Edimax says it’s aware of reports that a vulnerability affecting some of its cameras has been exploited in the wild, but it cannot release patches due to the product being discontinued more than a decade ago.
The cybersecurity agency CISA warned organizations on March 4 about CVE-2025-1316, a critical command execution vulnerability affecting Edimax IC-7100 IP cameras.
The agency suggested that the vulnerability may have been exploited as a zero-day, but did not clearly state it in its advisory.
However, Akamai, whose researchers have been credited for reporting the flaw, confirmed to SecurityWeek that the vulnerability has been exploited as a zero-day by multiple Mirai-based botnets. CVE-2025-1316 is just one of the many flaws in these botnets’ arsenal.
Akamai pointed out that exploitation of CVE-2025-1316 requires authentication, but threat actors have completed this requirement by relying on the fact that many internet-exposed devices are still protected by known default credentials.
Once they have gained access to a device, threat actors run a command execution exploit and execute a shell script that downloads a Mirai payload from a remote server.
SecurityWeek reached out to Edimax for comment before publishing an article on March 7, but the vendor has only now responded. The company notified us on Tuesday that it has issued a statement on the matter.
Edimax says it takes product security and user data protection very seriously — despite claims from CISA and Akamai that the vendor has not been responsive to responsible disclosure attempts — but it’s unable to release a patch for CVE-2025-1316.
“The Edimax IC-7100 is a legacy product that was discontinued over 10 years ago, and its technical support and firmware maintenance were officially terminated,” Edimax explained. “Due to the unavailability of the development environment and source code, we regret to inform that no security patch or firmware update can be provided for this product.”
Users still relying on the vulnerable cameras have been advised by the vendor to avoid exposing their devices directly to the internet and to use a firewall or NAT to restrict external access. In addition, users should change default credentials and monitor device access logs for unusual activity.
Despite being the first to suggest active exploitation of the vulnerability, CISA even now has yet to add CVE-2025-1316 to its Known Exploited Vulnerabilities (KEV) catalog.
Related: Exploitation Long Known for Most of CISA’s Latest KEV Additions
Related: Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks
