Akamai, a leading CDN and cybersecurity firm, has revealed that a recently disclosed zero-day vulnerability in Edimax devices has been actively exploited since at least May 2024.
Tracked as CVE-2025-1316, the flaw specifically affects Edimax IC-7100 IP cameras, though Akamai suspects other Edimax IoT devices may also be vulnerable. The issue was brought to public attention on March 4, 2025, when CISA issued an advisory warning of ongoing exploitation. Shortly after, Akamai confirmed that multiple Mirai-based botnets were leveraging the vulnerability in real-world attacks.
According to Akamai, the company initially reported the flaw to Edimax in October 2024, but the manufacturer failed to address it. Following SecurityWeek’s report on its exploitation, Edimax issued a statement claiming the affected devices were discontinued over a decade ago and could not be patched due to a lack of source code and development resources.
Exploitation Timeline
- May 2024: Akamai’s honeypots first detected exploitation attempts.
- June 2023: A proof-of-concept (PoC) exploit for CVE-2025-1316 was already publicly available.
- September 2024, January & February 2025: A resurgence of exploitation activity.
Attackers are using Mirai-based botnets to compromise vulnerable devices and download the primary Mirai malware payload. Although authentication is required for exploitation, threat actors have been bypassing this hurdle by using default login credentials commonly left unchanged on IoT devices.
Additionally, one of the observed botnets has also exploited CVE-2024-7214, an unpatched vulnerability affecting Totolink devices, another frequent target of Mirai botnets.
A Growing Threat
Akamai warns that poorly secured and outdated firmware on older devices remains a prime target for cybercriminals looking to build botnets. The company has released indicators of compromise (IoCs) and security rules, including Yara and Snort signatures, to help organizations detect and mitigate threats related to CVE-2025-1316.
