Ethical Hacking News
Three high-severity vulnerabilities impacting D-Link Wi-Fi cameras and video recorders have been added to the KEV catalog due to active exploitation reports. Organizations are advised to apply patches and updates as soon as possible to secure their networks and prevent potential breaches.
CISA has added three security flaws impacting D-Link Wi-Fi cameras and video recorders to its KEV catalog due to active exploitation reports. The vulnerabilities, from 2020 and 2022, include remote administrator password disclosure, authenticated command injection, and a download of code without an integrity check. Fixes for two flaws were released in 2020, but CVE-2020-40799 remains unpatched due to the affected model reaching EoL status. Federal Civilian Executive Branch agencies must apply patches and updates by August 26, 2025, to secure their networks. Organizations are advised to discontinue and replace DNR-322L devices with newer models that have been patched and updated.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three security flaws impacting D-Link Wi-Fi cameras and video recorders to its Known Exploited Vulnerabilities (KEV) catalog. The move follows reports of active exploitation, which have raised concerns about the potential for widespread attacks.
These high-severity vulnerabilities, which are from 2020 and 2022, are as follows:
CVE-2020-25078 - An unspecified vulnerability in D-Link DCS-2530L and DCS-2670L devices that could allow for remote administrator password disclosure
CVE-2020-25079 - An authenticated command injection vulnerability in the cgi-bin/ddns_enc.cgi component affecting D-Link DCS-2530L and DCS-2670L devices
CVE-2020-40799 - A download of code without an integrity check vulnerability in D-Link DNR-322L that could allow an authenticated attacker to execute operating system-level commands on the device
The severity of these vulnerabilities cannot be overstated, as they pose a significant threat to the security and integrity of D-Link Wi-Fi cameras and video recorders. While fixes for two of the flaws were released by D-Link in 2020, CVE-2020-40799 remains unpatched due to the affected model reaching end-of-life (EoL) status as of November 2021.
In light of active exploitation reports, it is essential that Federal Civilian Executive Branch (FCEB) agencies carry out the necessary mitigation steps by August 26, 2025, to secure their networks. This includes applying patches and updates to affected devices, as well as implementing additional security measures to prevent potential breaches.
The recent addition of these vulnerabilities to the KEV catalog serves as a stark reminder of the importance of ongoing vulnerability monitoring and patch management. As threats continue to evolve and new weaknesses are discovered, it is crucial that organizations remain vigilant and proactive in addressing these issues.
In this context, the public and private sectors must work together to raise awareness about the potential risks associated with these vulnerabilities and to encourage timely patching and updating of affected devices. This collaborative effort will be essential in mitigating the impact of these security flaws and preventing potential breaches.
Because CVE-2020-40799 remains unpatched, users still relying on DNR-322L devices are advised to discontinue and replace them with newer models that have been patched and updated.
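As an added example (not part of the original article and not CISA or D-Link tooling), the following Python code matches a device inventory against KEV-style records for the three CVEs above and marks each affected asset for patching or, for the end-of-life DNR-322L, replacement. The records reuse the field names of CISA's KEV JSON feed with values taken from this article; the inventory, the hostnames, and the `triage` helper are hypothetical.

```python
import re
from datetime import date

# Constructed records: field names follow CISA's KEV JSON feed, values come
# from this article (product strings are shortened to the model names).
KEV_SAMPLE = [
    {"cveID": "CVE-2020-25078", "vendorProject": "D-Link",
     "product": "DCS-2530L and DCS-2670L", "dueDate": "2025-08-26"},
    {"cveID": "CVE-2020-25079", "vendorProject": "D-Link",
     "product": "DCS-2530L and DCS-2670L", "dueDate": "2025-08-26"},
    {"cveID": "CVE-2020-40799", "vendorProject": "D-Link",
     "product": "DNR-322L", "dueDate": "2025-08-26"},
]
EOL_MODELS = {"DNR-322L"}  # end-of-life per the article: replace, not patch

# Constructed inventory; hostnames and the unaffected models are hypothetical.
INVENTORY = [
    {"host": "cam-lobby-01", "vendor": "D-Link", "model": "DCS-2530L"},
    {"host": "nvr-store-02", "vendor": "d-link", "model": " dnr-322l"},
    {"host": "cam-dock-03", "vendor": "D-Link", "model": "DCS-9999X"},
    {"host": "sw-core-01", "vendor": "ExampleCo", "model": "DCS-2670L"},
]
MODEL_RE = re.compile(r"[A-Z]{2,}-[0-9A-Z]+")  # e.g. DCS-2530L

def triage(inventory, kev, today):
    """Match assets to KEV entries; return findings, soonest deadline first."""
    findings = {}
    for asset in inventory:
        vendor = asset["vendor"].strip().lower()
        model = asset["model"].strip().upper()
        for entry in kev:
            models = set(MODEL_RE.findall(entry["product"].upper()))
            if vendor != entry["vendorProject"].lower() or model not in models:
                continue
            due = date.fromisoformat(entry["dueDate"])
            f = findings.setdefault(asset["host"], {
                "host": asset["host"], "model": model, "cves": [], "due": due,
                "action": "replace" if model in EOL_MODELS else "patch"})
            f["cves"].append(entry["cveID"])
            f["due"] = min(f["due"], due)  # keep the earliest deadline
    for f in findings.values():
        f["days_left"] = (f["due"] - today).days  # negative means overdue
    return sorted(findings.values(), key=lambda f: (f["due"], f["host"]))

if __name__ == "__main__":
    for f in triage(INVENTORY, KEV_SAMPLE, date(2025, 8, 6)):
        print(f["host"], f["model"], f["action"], f["days_left"], f["cves"])
```

Matching requires both vendor and model to agree after case and whitespace normalization, so a same-named model from another vendor is not flagged.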
In conclusion, the recent addition of these vulnerabilities to the KEV catalog highlights the importance of ongoing vulnerability monitoring and patch management. By working together, we can mitigate the impact of these security flaws and prevent potential breaches.
Published: Wed Aug 6 01:50:01 2025 by llama3.2 3B Q4_K_M