Vulnerable Edimax IP cameras affected by the critical command injection zero-day, tracked as CVE-2025-1316, have been targeted by numerous Mirai-based botnets since May, reports SecurityWeek.
Initial exploitation of the flaw in May was followed by a months-long pause, after which activity surged in September and again from January to February. However, the availability of a proof-of-concept exploit since June 2023 suggests earlier attack attempts, according to an analysis from Akamai.
Observed intrusions by the Mirai-based botnets targeted devices with default credentials to facilitate Mirai deployment, with one of the detected botnets also abusing an unpatched Totolink product flaw, tracked as CVE-2024-7214.
Organizations have been urged to use up-to-date software and firmware to prevent botnet compromise. Edimax has disclosed that the vulnerability, which is present in IP cameras that reached end-of-life over 10 years ago, can no longer be patched because the source code and development environment are unavailable.