U.S. CISA Adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java Flaws to Its Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added several vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations about the potential for malicious activity associated with these flaws.

Edimax IC-7100 IP Camera Vulnerability

In early March 2025, CISA warned that multiple botnets are exploiting a recently disclosed vulnerability in Edimax IC-7100 IP cameras, tracked as CVE-2025-1316 (CVSS score of 9.8). The issue is an OS command injection (Improper Neutralization of Special Elements used in an OS Command, CWE-78): an attacker who can reach the camera's web interface can send specially crafted requests and achieve remote code execution on the device.

The flaw impacts all IC-7100 IP Camera firmware versions; the cameras are end-of-life products, so no vendor patch is available. The advisory itself does not confirm exploitation in the wild; however, Akamai researchers, who discovered the vulnerability, have confirmed that it is actively exploited by botnets.

NAKIVO Vulnerability

The second flaw added to the catalog, tracked as CVE-2024-48248, is a path traversal issue in NAKIVO Backup & Replication that allows unauthenticated attackers to read sensitive files like “/etc/shadow” via the “/c/router” endpoint. The vulnerability affects versions up to and including 10.11.3.86570.

The vulnerability was patched in November 2024 with version 11.0.0.88174, and proof-of-concept exploit code was published by watchTowr Labs in February 2025.
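Because the NAKIVO build numbers are four-part dotted strings, a naive string comparison against the fixed version gives wrong answers (for example, "9.4.0.1" sorts after "11.0.0.88174" as text). The following is an added example, not code from NAKIVO or from the original article; it compares versions numerically against the fix version named above and triages a constructed inventory. The host names and versions in the inventory are made up for illustration.

```python
# Added example: numeric version triage for CVE-2024-48248.
# Assumes NAKIVO-style versions of the form A.B.C.BUILD (digits only).

FIXED_VERSION = "11.0.0.88174"   # fix version named in the article


def parse_version(version: str) -> tuple:
    """Turn '10.11.3.86570' into (10, 11, 3, 86570) so that the
    comparison is numeric per component rather than lexicographic."""
    return tuple(int(part) for part in version.strip().split("."))


def is_vulnerable(version: str) -> bool:
    """True when the installed build predates the fixed build."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def naive_string_compare(version: str) -> bool:
    """The pitfall: comparing version strings as text. Kept only to
    show why parse_version() is needed; do not use this for triage."""
    return version < FIXED_VERSION


def triage(inventory: dict) -> list:
    """Return the hosts (sorted) whose NAKIVO version is still affected."""
    return sorted(host for host, ver in inventory.items() if is_vulnerable(ver))


# Constructed inventory (hypothetical hosts and versions, not real data).
SAMPLE_INVENTORY = {
    "backup-01.example.internal": "10.11.3.86570",  # last affected build
    "backup-02.example.internal": "11.0.0.88174",   # fixed build
    "backup-03.example.internal": "9.4.0.1",        # old, affected
    "backup-04.example.internal": "11.0.1.5",       # newer than fix
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is affected by CVE-2024-48248")
```

Note that `naive_string_compare("9.4.0.1")` returns False, wrongly reporting an old build as fixed, while `is_vulnerable("9.4.0.1")` returns True.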

SAP NetWeaver AS Java Flaw

The third issue added to the KEV catalog is a directory traversal vulnerability, tracked as CVE-2017-12637, in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5.

Remote attackers can exploit this flaw to read arbitrary files via a .. (dot dot) sequence in the query string; it has been exploited in the wild since August 2017.
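Both the NAKIVO flaw and the SAP NetWeaver flaw above are file-read bugs whose exploitation leaves a recognisable trace in web server logs: a traversal sequence in the UIUtilJavaScriptJS query string for CVE-2017-12637, and POST requests to the /c/router endpoint for CVE-2024-48248. The following is an added example, not code from the article or from either vendor. It scans combined-format access log lines, percent-decodes the request target repeatedly so that double-encoded `..%252f` sequences are caught, and classifies each hit. The log lines are constructed for illustration; because the NAKIVO payload travels in the POST body, which a plain access log does not record, /c/router POSTs are flagged for review rather than as confirmed exploitation.

```python
# Added example: detection of traversal attempts against the two endpoints
# named in the article. Sample log lines are constructed, not real traffic.
import re
from urllib.parse import unquote, urlsplit

SAMPLE_LOG = """\
203.0.113.7 - - [19/Mar/2025:10:01:02 +0000] "GET /scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?query=..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1311
203.0.113.7 - - [19/Mar/2025:10:01:05 +0000] "GET /scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?query=..%252f..%252fWEB-INF%252fweb.xml HTTP/1.1" 200 2210
198.51.100.9 - - [19/Mar/2025:10:02:11 +0000] "POST /c/router HTTP/1.1" 200 9820
198.51.100.9 - - [19/Mar/2025:10:02:12 +0000] "POST /c/login HTTP/1.1" 200 512
192.0.2.4 - - [19/Mar/2025:10:03:00 +0000] "GET /irj/portal HTTP/1.1" 200 4098
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>\S+)" (?P<status>\d{3})'
)

# "../" or "..\" anywhere in the (decoded) target.
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable so %252e%252e%252f (double encoding)
    is reduced to ../ before pattern matching."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(line: str):
    """Return (cve_or_label, severity, client_ip) for a suspicious line,
    or None when the line looks benign or does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = decode_fully(m["target"])
    parts = urlsplit(target)
    path, query = parts.path, parts.query

    # CVE-2017-12637: traversal in the query string of UIUtilJavaScriptJS.
    if path.endswith("/UIUtilJavaScriptJS") and TRAVERSAL_RE.search(query):
        return ("CVE-2017-12637", "high", m["ip"])

    # CVE-2024-48248: the traversal sits in the POST body, which this log
    # format does not capture, so flag /c/router POSTs for body inspection.
    if path == "/c/router" and m["method"] == "POST":
        return ("CVE-2024-48248", "review", m["ip"])

    # Generic traversal or sensitive-file names anywhere in the target.
    if TRAVERSAL_RE.search(target) or "/etc/shadow" in target or "/etc/passwd" in target:
        return ("generic-traversal", "medium", m["ip"])
    return None


def scan(log_text: str) -> list:
    """Scan every line; return (line_number, label, severity, ip) tuples."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        result = classify(line)
        if result:
            hits.append((number,) + result)
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Tune the generic rule to the application: on a server that legitimately takes `..` in parameters it will be noisy, whereas the two endpoint-specific rules should fire rarely and deserve immediate follow-up (confirm the host's version, then look for data exfiltration from the same client).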

Action Required

CISA orders federal agencies to fix these vulnerabilities by April 9, 2025. Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure to protect against attacks exploiting these flaws.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date. Experts stress the importance of prompt action to prevent potential security breaches.

Contact CISA

Report suspected malicious activity to CISA for tracking and correlation with other incidents.