Login Sign Up

CVE-2024-7616

5.5 MEDIUM
Remote Code Execution

📋 TL;DR

A critical command injection vulnerability in Edimax IP cameras allows attackers to execute arbitrary commands on affected devices by manipulating the 'host' parameter in the cgiFormString function. This affects Edimax IC-6220DC and IC-5150W IP cameras up to version 3.06. The vendor has not responded to disclosure attempts.

💻 Affected Systems

Products:
  • Edimax IC-6220DC
  • Edimax IC-5150W
Versions: Up to and including version 3.06
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations using the vulnerable CGI function are affected. No special configuration required for exploitation.

📦 What is this software?

Ic 5150w Firmware by Edimax

View all CVEs affecting Ic 5150w Firmware →

Ic 6220dc Firmware by Edimax

View all CVEs affecting Ic 6220dc Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full device compromise allowing attacker to install persistent backdoors, pivot to internal networks, or use device as botnet node.

🟠

Likely Case

Remote code execution leading to camera control takeover, credential theft, or denial of service.

🟢

If Mitigated

Limited impact if devices are isolated in separate VLANs with strict network controls.

🌐 Internet-Facing: HIGH - IP cameras are often exposed to internet for remote access, making them prime targets.
🏢 Internal Only: MEDIUM - Still vulnerable to internal attackers or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Detailed technical analysis available in public references. Exploitation requires sending crafted HTTP requests to the vulnerable CGI endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Monitor Edimax website for firmware updates. Consider replacing devices if no patch is forthcoming.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate IP cameras in separate VLAN with strict firewall rules

Web Interface Restriction

linux

Block external access to camera web interface using firewall rules

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Remove devices from internet-facing networks immediately
  • Implement strict network access controls allowing only necessary traffic

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface at System > Firmware. If version is 3.06 or lower, device is vulnerable.

Check Version:

curl -s http://camera-ip/cgi-bin/ipcam_cgi | grep -i version

Verify Fix Applied:

No fix available to verify. Monitor vendor for firmware updates above version 3.06.

📡 Detection & Monitoring

Log Indicators:

  • Unusual CGI requests to ipcam_cgi with shell metacharacters
  • Unexpected command execution in system logs

Network Indicators:

  • HTTP POST requests to /cgi-bin/ipcam_cgi with shell commands in parameters
  • Outbound connections from cameras to unusual destinations

SIEM Query:

source="camera_logs" AND (uri="/cgi-bin/ipcam_cgi" AND (param="host" AND value MATCHES "[;&|`$()]"))

📊 Metadata

CVE ID: CVE-2024-7616
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-77
Published: August 12, 2024
Last Updated: August 13, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-7616, you might also want to check these:

CVE-2024-48841 10.0

This critical vulnerability in FLXEON software allows remote attackers to execute arbitrary code wit...

Same vulnerability type (CWE-77)
CVE-2025-59818 10.0

This vulnerability allows authenticated attackers to execute arbitrary system commands by manipulati...

Same vulnerability type (CWE-77)
CVE-2024-28354 10.0

This is a critical command injection vulnerability in TRENDnet TEW-827DRU routers that allows remote...

Same vulnerability type (CWE-77)