A critical command injection vulnerability (CVE-2025-1316) in the Edimax IC-7100 IP camera is actively being exploited by botnet malware to take control of devices.
Akamai researchers discovered the flaw and reported it to CISA, but attempts to contact Edimax were largely unsuccessful; the company responded only to confirm that the IC-7100 is an end-of-life product with no further updates.
Since the camera is still in use worldwide, the flaw could potentially impact a broader range of devices, making a fix unlikely.
The vulnerability allows remote attackers to execute code on affected devices by sending specially crafted requests, enabling botnets to hijack them for DDoS attacks, traffic proxying, or network infiltration.
Because exploitation is ongoing, users are advised to take vulnerable cameras offline or replace them with actively supported models.
CISA also recommends minimizing internet exposure, placing devices behind firewalls, and using secure VPN solutions for remote access.
Common signs of infection include performance issues, overheating, unexpected setting changes, and unusual network activity.
With no patch expected, securing networks and replacing outdated IoT devices is crucial to preventing further exploitation.
