CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2025-1316

CVSS 9.3v4.0pub. 2025-03-05upd. 2025-10-30

Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Edimax Ic 7100

    HW
    Edimax
    wszystkie wersje
  • Edimax Ic 7100 Firmware

    OS
    Edimax
    wszystkie wersje

CISA KEV — detailsi

Vendori
Edimax
Producti
IC-7100 IP Camera
Added to KEVi
March 19, 2025
Remediation deadline (US Federal)i
April 9, 2025(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially crafted requests. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 9 kwietnia 2025
Tags
RCECommand Injection
CWE
References

Related vulnerabilities

CVE-2026-32841CRITICAL9.2PL ✓ten sam vendor

Edimax GS-5008PL — pominięcie uwierzytelnienia w interfejsie zarządzania

CVE-2020-37125CRITICAL9.3PL ✓ten sam vendor

RCE bez uwierzytelnienia w Edimax EW-7438RPn Mini przez endpoint /goform/mp

CVE-2025-70161CRITICAL9.8PL ✓ten sam vendor

Command Injection w Edimax BR-6208AC — wykonanie dowolnego kodu

CVE-2025-34029CRITICAL9.4PL ✓ten sam vendor

Command injection w Edimax EW-7438RPn Mini — wykonanie poleceń jako root

CVE-2025-34024CRITICAL9.4PL ✓ten sam vendor

OS Command Injection w Edimax EW-7438RPn Mini — wykonanie poleceń jako root