Critical Vulnerabilities Found in D-Link Devices
Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three significant security vulnerabilities affecting D-Link Wi-Fi cameras and video recorders to its Known Exploited Vulnerabilities (KEV) catalog. This decision was largely driven by verified reports of these flaws being actively exploited. These vulnerabilities date back to 2020 and 2022, underscoring that even older technology can pose serious security risks.
Overview of the Vulnerabilities
All three vulnerabilities carry high severity ratings. Their CVSS scores are listed below:
- CVE-2020-25078 (CVSS score: 7.5) – This vulnerability in D-Link devices DCS-2530L and DCS-2670L could permit unauthorized remote disclosure of administrator passwords.
- CVE-2020-25079 (CVSS score: 8.8) – An authenticated command injection flaw in the cgi-bin/ddns_enc.cgi component of DCS-2530L and DCS-2670L devices.
- CVE-2020-40799 (CVSS score: 8.8) – This vulnerability affects the D-Link DNR-322L, allowing an authenticated attacker to execute operating system-level commands due to a lack of integrity checks during a code download.
Current Exploitation Status
While details of the specific exploitation methods remain unclear, a December 2024 advisory from the Federal Bureau of Investigation (FBI) highlighted active campaigns, focusing in particular on vulnerabilities such as CVE-2020-25078. The HiatusRAT campaigns are reportedly scanning for vulnerable web cameras in order to exploit these flaws.
Patch and Lifecycle Concerns
Unfortunately, CVE-2020-40799 remains unpatched because the affected DNR-322L model reached end-of-life (EoL) status in November 2021. Users of this outdated device are strongly encouraged to stop using it and consider upgrading to a newer model with robust security support. D-Link made patches for the other two vulnerabilities available in 2020, so users of the affected cameras can secure their devices by updating.
Recommended Actions for Agencies
In light of the ongoing exploitation of these vulnerabilities, Federal Civilian Executive Branch (FCEB) agencies must apply the necessary mitigations by August 26, 2025, to protect their networks against threats arising from these flaws.
This article has been updated to correct an earlier misstatement: these issues pertain specifically to D-Link Wi-Fi cameras and video recorders, not to routers, as was mistakenly stated earlier. The clarification is appreciated as public awareness of these risks continues to grow.


