Unpatched Edimax IP camera flaw actively exploited in botnet attacks

A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices. The flaw was discovered by Akamai researchers, who confirmed to BleepingComputer that the flaw is exploited in attacks that are still ongoing. Akamai researcher Kyle Lefton told BleepingComputer that they will provide more technical details about the flaw and the associated botnet next week. After discovering the flaw, Akamai reported it to the U.S. Cybersecurity & Infrastructure Agency (CISA), who attempted to contact the Taiwanese vendor. "Both Akamai SIRT and CISA attempted to contact the vendor (Edimax) multiple times. CISA was unable to get a response from them," Lefton told BleepingComputer.com. "I personally reached out to them and received a response, but all they said was that the device in question, IC-7100, was end of life, therefore not receiving further updates. As Edimax was unable to provide us with more information, ... Read full article.