The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three previously disclosed vulnerabilities affecting D-Link Wi-Fi cameras and video recorders to its Known Exploited Vulnerabilities (KEV) catalog. This action was prompted by evidence indicating these flaws are being actively exploited in the wild, posing a significant risk to connected devices.

Key Takeaways

• CISA has added three D-Link vulnerabilities to its KEV catalog due to active exploitation.

• The vulnerabilities affect D-Link Wi-Fi cameras and video recorders.

• Federal agencies must implement mitigation by August 26, 2025.

D-Link Vulnerabilities Added to KEV Catalog

CISA's decision to include these vulnerabilities in the KEV catalog highlights the immediate threat they pose. The catalog mandates that federal agencies apply specific security measures by a set deadline to protect their networks. The vulnerabilities, dating back to 2020 and 2022, are detailed below:

• CVE-2020-25078 (CVSS score: 7.5): An unspecified vulnerability in D-Link DCS-2530L and DCS-2670L devices that could allow attackers to remotely discover administrator passwords.

• CVE-2020-25079 (CVSS score: 8.8): An authenticated command injection vulnerability within the cgi-bin/ddns_enc.cgi component, affecting D-Link DCS-2530L and DCS-2670L devices.

• CVE-2020-40799 (CVSS score: 8.8): A vulnerability in D-Link DNR-322L related to code download without integrity checks, potentially enabling authenticated attackers to execute operating system commands.

Active Exploitation and Mitigation Efforts

While specific details on the current exploitation methods remain scarce, a December 2024 advisory from the FBI warned of HiatusRAT campaigns actively targeting web cameras vulnerable to CVE-2020-25078. This underscores the real-world danger posed by these security weaknesses.

It is important to note that CVE-2020-40799 remains unpatched as the affected D-Link DNR-322L model reached its end-of-life status in November 2021. Users still employing this model are strongly advised to discontinue its use and replace it with a more secure alternative. D-Link had previously released patches for the other two vulnerabilities in 2020.

Mandated Action for Federal Agencies

In response to the active exploitation of these flaws, CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies implement the necessary mitigation steps by August 26, 2025. This directive aims to bolster the security posture of federal networks against these known threats.

As cyber threats become increasingly sophisticated, your security strategy must evolve to keep pace. BetterWorld Technology offers adaptive cybersecurity solutions that grow with the threat landscape, helping your business stay secure while continuing to innovate. Reach out today to schedule your personalized consultation.

Sources

• CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence, The Hacker News.