CVE-2025-1316

Edimax IC-7100 IP Camera OS Command Injection

CVSS 9.3 CRITICALEPSS 72.3%● KEVCWE-78

In short

The Edimax IC-7100 camera fails to properly validate user input, allowing attackers to inject malicious commands that execute with the device's privileges. This can lead to complete compromise of the camera and any network it's connected to.

Technical detail

CWE-78 OS command injection vulnerability in Edimax IC-7100 allows unauthenticated remote code execution through improperly sanitized request parameters. The device fails to neutralize shell metacharacters, enabling arbitrary command execution with device privileges; exploitation requires network access to the device's web interface.

Summary generated and translated by AI from the official description.

Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Edimax · IC-7100 IP Camera

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-1316 https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-08