Skip to main content

Ic 7100 Firmware CVE-2025-1316

CRITICAL
OS Command Injection (CWE-78)
2025-03-05 ics-cert@hq.dhs.gov
9.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 18:29 vuln.today
Added to CISA KEV
Oct 30, 2025 - 15:54 cisa
CISA KEV
CVE Published
Mar 05, 2025 - 00:15 nvd
CRITICAL 9.3

DescriptionCVE.org

Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device

AnalysisAI

Edimax IC-7100 IP camera allows unauthenticated remote code execution through improper neutralization of requests, with no patch available as the device is end-of-life.

Technical ContextAI

The CWE-78 command injection allows unauthenticated attackers to inject OS commands through web interface requests that are passed to shell execution without sanitization.

RemediationAI

Replace the device immediately. If replacement is impossible, completely isolate it from the internet. Never expose IoT cameras directly to the internet.

Share

CVE-2025-1316 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy