Detections
Analytics

CVE-2025-1316

critical

Description

Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-08

https://www.securityweek.com/cisa-warns-of-exploited-nakivo-vulnerability/

https://thehackernews.com/2025/03/cisa-adds-nakivo-vulnerability-to-kev.html

https://securityaffairs.com/175663/security/u-s-cisa-adds-edimax-ic-7100-ip-camera-nakivo-and-sap-netweaver-as-java-flaws-to-its-known-exploited-vulnerabilities-catalog.html

https://www.cisa.gov/news-events/alerts/2025/03/19/cisa-adds-three-known-exploited-vulnerabilities-catalog

https://thehackernews.com/2025/03/unpatched-edimax-camera-flaw-exploited.html

https://www.securityweek.com/unpatched-edimax-camera-flaw-exploited-since-at-least-may-2024/

https://www.securityweek.com/edimax-says-no-patches-coming-for-zero-day-exploited-by-botnets/

https://www.securityweek.com/edimax-camera-zero-day-disclosed-by-cisa-exploited-by-botnets/

https://www.bleepingcomputer.com/news/security/unpatched-edimax-ip-camera-flaw-actively-exploited-in-botnet-attacks/

https://securityaffairs.com/175060/hacking/mirai-based-botnets-exploit-cve-2025-1316-zero-day-in-edimax-ip-cameras.html

Details

Source: Mitre, NVD

Published: 2025-03-05

Updated: 2025-03-25

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: Critical

EPSS

EPSS: 0.72695