CVE-2025-1316
CRITICAL
2025-03-05
[email protected]
9.3
CVSS 4.0
Share
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X
Lifecycle Timeline
3
Analysis Generated
Mar 28, 2026 - 18:29 vuln.today
Added to CISA KEV
Oct 30, 2025 - 15:54 cisa
CISA KEV
CVE Published
Mar 05, 2025 - 00:15 nvd
CRITICAL 9.3
Description
Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device
Analysis
Edimax IC-7100 IP camera allows unauthenticated remote code execution through improper neutralization of requests, with no patch available as the device is end-of-life.
Technical Context
The CWE-78 command injection allows unauthenticated attackers to inject OS commands through web interface requests that are passed to shell execution without sanitization.
Affected Products
['Edimax IC-7100 (end-of-life)']
Remediation
Replace the device immediately. If replacement is impossible, completely isolate it from the internet. Never expose IoT cameras directly to the internet.
Priority Score
182
Low
Medium
High
Critical
KEV: +50
EPSS: +85.1
CVSS: +46
POC: 0
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).