Mirai-based botnets set sights on Edimax IP camera zero-day

SecurityWeek reports that several Mirai-based botnets have been targeting vulnerable Edimax IP cameras impacted by the critical command injection zero-day flaw, tracked as CVE-2025-1316 — which the Cybersecurity and Infrastructure Security Agency disclosed but did not include in its Known Exploited Vulnerabilities catalog.

Even though authentication is needed to exploit the vulnerability, threat actors have been taking advantage of default credentials prevalently used in online cameras to obtain initial access and facilitate a remote command execution exploit that retrieves the Mirai payload, according to Akamai researcher Kyle Lefton.

Additional details regarding the Mirai-based botnet intrusions against unpatched Edimax cameras are expected to be released in the coming days.

While Edimax rebuffed Akamai and CISA's notifications regarding the vulnerability, stating that it no longer remediates security issues in obsolete products, Akamai noted that the flaw could also impact products still supported by the networking solution provider.