Close Menu
World Forbes – Business, Tech, AI & Global Insights
  • Home
  • AI
  • Billionaires
  • Business
  • Cybersecurity
  • Education
    • Innovation
  • Money
  • Small Business
  • Sports
  • Trump
What's Hot

Sebeiba festival in Algeria carries on ancient tradition

July 11, 2025

Photos of Cuban women with long decorated nails

July 11, 2025

Cuban women spend on extravagant nail art

July 11, 2025
Facebook X (Twitter) Instagram
Trending
  • Sebeiba festival in Algeria carries on ancient tradition
  • Photos of Cuban women with long decorated nails
  • Cuban women spend on extravagant nail art
  • Forbes 2025 America’s Most Successful Immigrants
  • Healthy workday snacks include a smart mix of energy-boosters
  • Americans see child care costs as ‘major problem,’ AP-NORC poll finds
  • Jane Birkin’s original Hermès bag is up for auction
  • Hindu music singer inaugurates project to spread yoga in Brazil’s favelas
World Forbes – Business, Tech, AI & Global InsightsWorld Forbes – Business, Tech, AI & Global Insights
Friday, July 11
  • Home
  • AI
  • Billionaires
  • Business
  • Cybersecurity
  • Education
    • Innovation
  • Money
  • Small Business
  • Sports
  • Trump
World Forbes – Business, Tech, AI & Global Insights
Home » Unpatched Edimax Camera Flaw Exploited Since at Least May 2024
Cybersecurity

Unpatched Edimax Camera Flaw Exploited Since at Least May 2024

adminBy adminMarch 13, 2025No Comments3 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email
Post Views: 57


A recently disclosed zero-day affecting Edimax devices has been exploited in the wild since at least May 2024, according to CDN and cybersecurity solutions provider Akamai.

The vulnerability, identified as CVE-2025-1316, has been confirmed to impact Edimax IC-7100 IP cameras, but Akamai believes other Edimax IoT products may be impacted as well. 

Its existence came to light on March 4, when CISA published an advisory suggesting active exploitation. Akamai confirmed for SecurityWeek a few days later that CVE-2025-1316 has indeed been exploited in the wild, by multiple Mirai-based botnets.

The company, which has now released additional information on its findings, said it reported the vulnerability to Edimax in October 2024, but the vendor failed to take action. 

Only after the flaw’s in-the-wild exploitation was reported by SecurityWeek, Edimax, a Taiwan-based networking solutions provider, issued a statement saying that the vulnerability impacts devices discontinued more than a decade ago and it cannot be patched “due to the unavailability of the development environment and source code”.

Akamai’s analysis showed that its honeypots logged the first signs of exploitation in May 2024. These exploitation attempts stopped for a few months, but spiked again in September 2024, as well as in January and February 2025. 

However, exploitation may have started even sooner considering that — as the security firm reported — a PoC exploit for CVE-2025-1316 has been available since June 2023. 

Akamai’s honeypots have logged exploitation attempts from two Mirai-based botnets. Once they successfully access a device and exploit the vulnerability, the attackers execute commands to download and execute the main Mirai payload. 

Advertisement. Scroll to continue reading.

Exploitation of CVE-2025-1316 requires authentication, but Akamai noticed that threat actors have been completing this requirement by accessing targeted devices with known default credentials.

Akamai pointed out that one of these botnets has also exploited CVE-2024-7214, an unpatched Totolink device vulnerability that came to light in the summer of 2024. There do not appear to be any previous reports confirming exploitation of this vulnerability, but Totolink product flaws are known to have been targeted by Mirai-based botnets. 

“One of the most effective ways for cybercriminals to start assembling a botnet is to target poorly secured and outdated firmware on older devices,” Akamai said.

The company has made available indicators of compromise (IoC), as well as Yara and Snort rules. 

Related: BadBox Botnet Powered by 1 Million Android Devices Disrupted

Related: Vo1d Botnet Evolves as It Ensnares 1.6 Million Android TV Boxes

Related: New Eleven11bot DDoS Botnet Powered by 80,000 Hacked Devices



Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
admin
  • Website

Related Posts

O2 Service Vulnerability Exposed User Location

May 20, 2025

Madhu Gottumukkala Officially Announced as CISA Deputy Director

May 20, 2025

BreachRx Lands $15 Million as Investors Bet on Breach-Workflow Software

May 19, 2025

Printer Company Procolored Served Infected Software for Months

May 19, 2025

UK Legal Aid Agency Finds Data Breach Following Cyberattack

May 19, 2025

480,000 Catholic Health Patients Impacted by Serviceaide Data Leak

May 19, 2025
Add A Comment
Leave A Reply Cancel Reply

Don't Miss
Billionaires

Forbes 2025 America’s Most Successful Immigrants

July 10, 2025

A record 125 foreign-born U.S. citizens are billionaires living in the United States. They hail…

Billionaire Immigrants From Iran, Cuba, Pakistan And Israel Discuss Current Climate

July 10, 2025

Mamdani Doesn’t Think We Should Have Billionaires. Here’s Why That Will Never Happen.

July 8, 2025

How The Blake Lively Saga Led A Billionaire To Shut Down His Foundation

July 7, 2025
Our Picks

Sebeiba festival in Algeria carries on ancient tradition

July 11, 2025

Photos of Cuban women with long decorated nails

July 11, 2025

Cuban women spend on extravagant nail art

July 11, 2025

Forbes 2025 America’s Most Successful Immigrants

July 10, 2025

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

About Us
About Us

Welcome to World-Forbes.com
At World-Forbes.com, we bring you the latest insights, trends, and analysis across various industries, empowering our readers with valuable knowledge. Our platform is dedicated to covering a wide range of topics, including sports, small business, business, technology, AI, cybersecurity, and lifestyle.

Our Picks

After Klarna, Zoom’s CEO also uses an AI avatar on quarterly call

May 23, 2025

Anthropic CEO claims AI models hallucinate less than humans

May 22, 2025

Anthropic’s latest flagship AI sure seems to love using the ‘cyclone’ emoji

May 22, 2025

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

Facebook X (Twitter) Instagram Pinterest
  • Home
  • About Us
  • Advertise With Us
  • Contact Us
  • DMCA Policy
  • Privacy Policy
  • Terms & Conditions
© 2025 world-forbes. Designed by world-forbes.

Type above and press Enter to search. Press Esc to cancel.