

Ethical Hacking News

Cybersecurity Alert: D-Link Vulnerabilities Exposed Amid Active Exploitation


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three old security flaws impacting D-Link Wi-Fi cameras and video recorders to its Known Exploited Vulnerabilities (KEV) catalog, warning FCEB agencies of potential cyber threats.

  • Three old security flaws in D-Link Wi-Fi cameras and video recorders have been added to CISA's KEV catalog, with a warning to Federal Civilian Executive Branch (FCEB) agencies.
  • The vulnerabilities, CVE-2020-25078, CVE-2020-25079, and CVE-2020-40799, pose a significant risk to FCEB agencies that rely on these devices for their operations.
  • Users still relying on the DNR-322L are advised to discontinue its use and replace it with a newer, patched device, because the vulnerability remains unpatched.
  • FCEB agencies must patch vulnerable devices, implement strict access controls, and monitor systems by August 26, 2025, to secure their networks.



    In a recent development that highlights the ever-present threat of cyber attacks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three old security flaws impacting D-Link Wi-Fi cameras and video recorders to its Known Exploited Vulnerabilities (KEV) catalog. The high-severity vulnerabilities, which are from 2020 and 2022, pose a significant risk to the Federal Civilian Executive Branch (FCEB) agencies that rely on these devices for their operations.

    The first vulnerability, CVE-2020-25078, is an unspecified vulnerability in D-Link DCS-2530L and DCS-2670L devices that could allow for remote administrator password disclosure. This means that an attacker could potentially gain access to the device's administrative interface by exploiting this vulnerability. The second vulnerability, CVE-2020-25079, is an authenticated command injection vulnerability in the cgi-bin/ddns_enc.cgi component affecting D-Link DCS-2530L and DCS-2670L devices. This allows an attacker to inject malicious commands into the device's system, potentially leading to unauthorized access or further exploitation.

    The third vulnerability, CVE-2020-40799, is a download-of-code-without-integrity-check vulnerability in D-Link DNR-322L that could allow an authenticated attacker to execute operating system-level commands on the device. This is particularly concerning as it allows an attacker to potentially take control of the device or use it as a launching point for further attacks.

    It's worth noting that CVE-2020-40799 remains unpatched due to the affected model reaching end-of-life (EoL) status as of November 2021. Users still relying on the DNR-322L are advised to discontinue its use and replace it with a newer, patched device. Fixes for the other two flaws were released by D-Link in 2020.

    In light of active exploitation, it's essential that FCEB agencies carry out the necessary mitigation steps by August 26, 2025, to secure their networks. This includes patching vulnerable devices, implementing strict access controls, and monitoring systems for signs of unauthorized activity.

    The CISA advisory on these vulnerabilities serves as a reminder of the ongoing threat landscape in the cybersecurity world. As technology continues to evolve at an unprecedented rate, new vulnerabilities are constantly being discovered, and old ones remain exploitable if not addressed promptly.

    Furthermore, this incident highlights the importance of regular vulnerability assessments and penetration testing for organizations relying on third-party devices or software. Such tests can help identify potential vulnerabilities before they are exploited by malicious actors.

    The addition of these D-Link vulnerabilities to the KEV catalog is a strong warning to FCEB agencies to take immediate action to protect their networks. By prioritizing cybersecurity and implementing robust security measures, organizations can minimize the risk of successful attacks and ensure the continued integrity of their systems.

    In conclusion, the exposure of these three D-Link vulnerabilities serves as a stark reminder of the importance of ongoing cybersecurity vigilance. FCEB agencies must take immediate action to patch vulnerable devices, implement strict access controls, and monitor systems for signs of unauthorized activity. By doing so, they can protect themselves against potential cyber threats and maintain the security of their networks.






  • Published: Wed Aug 6 03:19:44 2025 by llama3.2 3B Q4_K_M












