CVE-2025-1316 (GCVE-0-2025-1316)
Vulnerability from cvelistv5 – Published: 2025-03-04 23:36 – Updated: 2025-10-21 22:55
VLAI?
CISA
Summary
Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Edimax | IC-7100 IP Camera |
Affected:
All
|
Credits
Akamai SIRT reported this vulnerability to CISA.
CISA Known Exploited Vulnerability
Data from the CISA Known Exploited Vulnerabilities Catalog
Date added: 2025-03-19
Due date: 2025-04-09
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Used in ransomware: Unknown
Notes: https://www.edimax.com/edimax/post/post/data/edimax/global/press_releases/4801/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-1316
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1316",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T18:07:15.456983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-19",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-1316"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:25.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-1316"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-19T00:00:00+00:00",
"value": "CVE-2025-1316 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "IC-7100 IP Camera",
"vendor": "Edimax",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Akamai SIRT reported this vulnerability to CISA."
}
],
"datePublic": "2025-03-04T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEdimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device\u003c/span\u003e"
}
],
"value": "Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T23:36:59.724Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-08"
}
],
"source": {
"advisory": "ICSA-25-063-08",
"discovery": "EXTERNAL"
},
"title": "Edimax IC-7100 IP Camera OS Command Injection",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEdimax has not responded to CISA requests to coordinate the vulnerability. Affected users are encouraged to reach out to \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.edimax.com/edimax/form/contact_us/data/edimax/global/contact_us/\"\u003eEdimax customer support\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Edimax has not responded to CISA requests to coordinate the vulnerability. Affected users are encouraged to reach out to Edimax customer support https://www.edimax.com/edimax/form/contact_us/data/edimax/global/contact_us/ ."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-1316",
"datePublished": "2025-03-04T23:36:59.724Z",
"dateReserved": "2025-02-14T21:54:41.042Z",
"dateUpdated": "2025-10-21T22:55:25.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2025-1316",
"cwes": "[\"CWE-78\"]",
"dateAdded": "2025-03-19",
"dueDate": "2025-04-09",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://www.edimax.com/edimax/post/post/data/edimax/global/press_releases/4801/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-1316",
"product": "IC-7100 IP Camera",
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"shortDescription": "Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially crafted requests. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.",
"vendorProject": "Edimax",
"vulnerabilityName": "Edimax IC-7100 IP Camera OS Command Injection Vulnerability"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-1316\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2025-03-05T00:15:35.057\",\"lastModified\":\"2025-10-30T15:54:20.360\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device\"},{\"lang\":\"es\",\"value\":\"Edimax IC-7100 no neutraliza adecuadamente las solicitudes. Un atacante puede crear solicitudes especialmente manipuladas para lograr la ejecuci\u00f3n remota de c\u00f3digo en el dispositivo.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2025-03-19\",\"cisaActionDue\":\"2025-04-09\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Edimax IC-7100 IP Camera OS Command Injection Vulnerability\",\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:edimax:ic-7100_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCC9FC13-8583-44E7-8023-7661DC41FFA7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:edimax:ic-7100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F2A4FCD-2C1A-4D42-A76C-6CF84EB3ADF1\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-08\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-1316\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-1316\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-19T18:07:15.456983Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2025-03-19\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-1316\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-03-19T00:00:00+00:00\", \"value\": \"CVE-2025-1316 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-1316\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-05T16:12:15.258Z\"}}], \"cna\": {\"title\": \"Edimax IC-7100 IP Camera OS Command Injection\", \"source\": {\"advisory\": \"ICSA-25-063-08\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Akamai SIRT reported this vulnerability to CISA.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Edimax\", \"product\": \"IC-7100 IP Camera\", \"versions\": [{\"status\": \"affected\", \"version\": \"All\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-03-04T17:00:00.000Z\", \"references\": [{\"url\": \"https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-08\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Edimax has not responded to CISA requests to coordinate the vulnerability. Affected users are encouraged to reach out to Edimax customer support https://www.edimax.com/edimax/form/contact_us/data/edimax/global/contact_us/ .\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eEdimax has not responded to CISA requests to coordinate the vulnerability. Affected users are encouraged to reach out to \u003c/span\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.edimax.com/edimax/form/contact_us/data/edimax/global/contact_us/\\\"\u003eEdimax customer support\u003c/a\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e.\u003c/span\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eEdimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2025-03-04T23:36:59.724Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-1316\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T22:55:25.794Z\", \"dateReserved\": \"2025-02-14T21:54:41.042Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2025-03-04T23:36:59.724Z\", \"assignerShortName\": \"icscert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…