CISA Adds Three D-Link Vulnerabilities to KEV Catalog Following Evidence of Active Exploitation

Published: Aug 06, 2025 | Ravie Lakshmanan | Vulnerability / Firmware Security

Critical Vulnerabilities Found in D-Link Devices

Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three significant security vulnerabilities affecting D-Link Wi-Fi cameras and video recorders to its Known Exploited Vulnerabilities (KEV) catalog. This decision was largely driven by verified reports of these flaws being actively exploited. These vulnerabilities date back to 2020 and 2022, underscoring that even older technology can pose serious security risks.

Overview of the Vulnerabilities

The identified vulnerabilities carry high severity ratings; their CVSS scores are listed below:

  • CVE-2020-25078 (CVSS score: 7.5) – This vulnerability in D-Link devices DCS-2530L and DCS-2670L could permit unauthorized remote disclosure of administrator passwords.
  • CVE-2020-25079 (CVSS score: 8.8) – An authenticated command injection flaw in the cgi-bin/ddns_enc.cgi component of DCS-2530L and DCS-2670L devices.
  • CVE-2020-40799 (CVSS score: 8.8) – This vulnerability affects the D-Link DNR-322L, allowing an authenticated attacker to execute operating system-level commands due to a lack of integrity checks during a code download.

Current Exploitation Status

While details on the specific exploitation methods remain unclear, a December 2024 advisory from the Federal Bureau of Investigation (FBI) highlighted active campaigns, particularly ones focusing on vulnerabilities like CVE-2020-25078. The HiatusRAT campaigns are reportedly scanning for vulnerable web cameras in order to exploit these security flaws.

Patch and Lifecycle Concerns

Unfortunately, CVE-2020-40799 remains unpatched because the affected DNR-322L model reached end-of-life (EoL) status in November 2021. Users of this outdated device are strongly encouraged to stop using it and consider upgrading to a newer model with robust security support. D-Link made patches for the other two vulnerabilities available in 2020, providing some options for users to secure their devices.

Recommended Actions for Agencies

In light of the ongoing exploitation of these vulnerabilities, it is imperative that Federal Civilian Executive Branch (FCEB) agencies apply the necessary mitigations by August 26, 2025, to ensure the integrity of their networks. This proactive approach will help safeguard against potential threats arising from these vulnerabilities.

This article has been updated to correct an earlier misstatement. It now correctly states that these issues pertain specifically to D-Link Wi-Fi cameras and video recorders, and not to routers, as was mistakenly stated earlier. The clarification is appreciated as public awareness of these risks continues to grow.
