Is Your IoT Device Vulnerable to Mirai-Based Botnet Attacks?

As the Internet of Things (IoT) continues to expand, a growing number of devices are being connected to the internet, ranging from smart home appliances to industrial machinery. However, this growth comes with a heightened risk of security vulnerabilities, as recently illustrated by a critical issue found in Edimax devices. The vulnerability, cataloged as CVE-2025-1316, has placed numerous IoT devices at risk of being compromised by Mirai-based botnets. These botnets have been exploiting the vulnerability since at least May 2024 and have continued to do so despite an alert issued in October 2024.

Discovery of the Edimax Vulnerability

Akamai, renowned for its content delivery network services and cybersecurity solutions, discovered that Edimax IC-7100 IP cameras were susceptible to a zero-day vulnerability. Although Edimax had been notified of the issue by October 2024, it did not take action. The company explained its inaction by citing the devices’ discontinuation over a decade ago and the lack of available development tools and source code needed to address the problem. This vulnerability, which stemmed from default authentication credentials, allowed attackers to take advantage of the outdated firmware on these older devices to infiltrate networks and form botnets.

Further investigation by Akamai showed that exploitation attempts initially surfaced in May 2024 but surged dramatically in both September 2024 and early 2025. An existing proof-of-concept exploit, available since June 2023, suggested that exploitation could have started even earlier than documented. Notably, various Mirai-based botnets harnessed this vulnerability to download and execute malicious payloads, reinforcing how easy it is for cybercriminals to form botnets from neglected devices.

Widespread Botnet Activity

In addition to the Edimax vulnerability, Akamai identified another vulnerability exploited by the same group of botnets. This second vulnerability, CVE-2024-7214, was found in Totolink devices. This discovery highlighted the broader trend of cybercriminals leveraging poorly secured, outdated devices to build extensive botnets. One of the most alarming aspects of this revelation is how common such vulnerable devices remain in use, leaving networks exposed to sophisticated attacks. These compromised devices often serve as digital stepping stones for attackers, who deploy them to facilitate larger, more damaging operations.

To aid in defense efforts, Akamai has provided indicators of compromise (IoCs) and issued YARA and Snort rules. These measures are critical for identifying and mitigating threats posed by these IoT device vulnerabilities. The continued emergence of botnets such as BadBox and Vo1d, which capitalize on compromised devices, underscores the dire need for improved IoT security standards. Neglected and outdated IoT devices, such as the Edimax IC-7100 IP cameras, remain prime targets, elevating the risk of widespread network attacks.

The Importance of Securing IoT Devices

As the Internet of Things (IoT) continues to grow, an increasing number of devices, from smart home gadgets to industrial machinery, are being connected online. This expansion, however, has led to a rise in security vulnerabilities, showcasing significant risks. A notable example is the recently discovered critical flaw in Edimax devices, known as CVE-2025-1316. This vulnerability has left many IoT devices susceptible to attacks by Mirai-based botnets. These malicious networks have been exploiting the flaw since at least May 2024 and have persisted in their activities even after a security alert was issued in October 2024. Despite ongoing efforts to address this issue, the vulnerability continues to pose a serious threat to the security of connected devices. It underscores the urgent need for heightened security measures and continuous updates to protect the ever-expanding IoT landscape, highlighting the imperative for manufacturers and users alike to stay vigilant against potential threats.
