Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XEdimax Ic 7100
HWEdimaxwszystkie wersjeEdimax Ic 7100 Firmware
OSEdimaxwszystkie wersje
CISA KEV — detailsi
- Vendori
- Edimax
- Producti
- IC-7100 IP Camera
- Added to KEVi
- March 19, 2025
- Remediation deadline (US Federal)i
- April 9, 2025(overdue)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially crafted requests. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Related vulnerabilities
Edimax GS-5008PL — pominięcie uwierzytelnienia w interfejsie zarządzania
RCE bez uwierzytelnienia w Edimax EW-7438RPn Mini przez endpoint /goform/mp
Command Injection w Edimax BR-6208AC — wykonanie dowolnego kodu
Command injection w Edimax EW-7438RPn Mini — wykonanie poleceń jako root
OS Command Injection w Edimax EW-7438RPn Mini — wykonanie poleceń jako root