CVE-2025-1316

Known Exploited

Edimax IC-7100 IP Camera OS Command Injection

Description

Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device

Remediation

Workaround:

Edimax has not responded to CISA requests to coordinate the vulnerability. Affected users are encouraged to reach out to Edimax customer support https://www.edimax.com/edimax/form/contact_us/data/edimax/global/contact_us/ .

References

Link	Tags
https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-08	mitigation third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2025-1316?: CVE-2025-1316 has been scored as a critical severity vulnerability.
How to fix CVE-2025-1316?: As a workaround for remediating CVE-2025-1316: Edimax has not responded to CISA requests to coordinate the vulnerability. Affected users are encouraged to reach out to Edimax customer support https://www.edimax.com/edimax/form/contact_us/data/edimax/global/contact_us/ .
Is CVE-2025-1316 being actively exploited in the wild?: It is confirmed that CVE-2025-1316 is actively exploited. Be extra cautious if you are using vulnerable components. According to its EPSS score, there is a ~75% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-1316?: CVE-2025-1316 affects Edimax IC-7100 IP Camera.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Remediation

Category

CWE-78 – Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

References

Frequently Asked Questions