Attacks exploiting Edimax IP camera zero-day ongoing for nearly a year

Vulnerable Edimax IP cameras affected by the critical command injection zero-day, tracked as CVE-2025-1316, have been targeted by numerous Mirai-based botnets since May, reports SecurityWeek.

Initial exploitation of the flaw in May was followed by a months-long pause before surging in September and from January to February but the availability of a proof-of-concept exploit since June 2023 suggests earlier attack attempts, according to an analysis from Akamai.

Observed intrusions by the Mirai-based botnets involved the targeting of devices with default credentials to facilitate Mirai deployment, with one of the detected botnets also abusing an unpatched Totolink product flaw, tracked as CVE-2024-7214.

Organizations have been urged to ensure the usage of up-to-date software and firmware to prevent botnet compromise as Edimax disclosed that the vulnerability, which is present in IP cameras that have reached end-of-life over 10 years ago, could no longer be patched due to source code and development environment unavailability.