CVE-2025-1316 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Edimax IC-7100 IP Camera OS Command Injection Vulnerability

Exploit added

March 19, 2025

Action due

April 9, 2025

Action required

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-08

Weakness Enumeration

CWE-ID	CWE Name
CWE-78	Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)

Details

Source:
NVD

Published:
March 5, 2025

Updated:
March 20, 2025

Risk information

CVSS v3

Base score:
9.8

Severity:

CRITICAL

Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined