Ethical Hacking News
U.S. Cybersecurity Agency Identifies New Vulnerabilities in D-Link Cameras and Network Video Recorders
A recent update by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified multiple security flaws in various D-Link products, including cameras and network video recorders. These vulnerabilities pose a significant risk to networks if left unaddressed, highlighting the importance of conducting regular security audits and implementing necessary patches or updates.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified multiple security flaws in D-Link products. CISA is requiring federal agencies to address the vulnerabilities by August 26, 2025. Three vulnerabilities have been identified: CVE-2020-25078, CVE-2020-25079, and CVE-2022-40799. The vulnerabilities give remote or authenticated attackers access to devices, potentially leading to unauthorized access to or control of the network. Experts urge private organizations to review their infrastructure and implement patches or updates to prevent exploitation.
In a recent update to its list of known exploited vulnerabilities, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified multiple security flaws in various D-Link products. Specifically, these are the DCS-2530L and DCS-2670L cameras and the DNR-322L network video recorder. According to the agency's latest Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, all federal agencies are required to address the identified vulnerabilities by August 26, 2025.
The first identified vulnerability is CVE-2020-25078, which allows remote attackers to access the admin password via an unauthenticated endpoint in D-Link DCS-2530L (pre-1.06.01 Hotfix) and DCS-2670L (up to 2.02). Because the endpoint requires no authentication, an attacker who can reach it could gain unauthorized access to the device.
The second identified vulnerability is CVE-2020-25079, a command injection flaw in cgi-bin/ddns_enc.cgi on D-Link DCS-2530L (pre-1.06.01 Hotfix) and DCS-2670L (up to 2.02). This vulnerability allows authenticated attackers to inject malicious commands into the device.
The third identified vulnerability is CVE-2022-40799, which involves a data integrity flaw in the “Backup Config” feature of D-Link DNR-322L (version 2.60B15). According to CISA, this vulnerability lets authenticated attackers run OS-level commands on the device. An attacker who exploits it could potentially gain access to sensitive data or even take control of the entire network.
Experts are warning private organizations to review the catalog and address these vulnerabilities in their infrastructure as soon as possible. CISA is also reminding federal agencies to fix these vulnerabilities by August 26, 2025, to protect their networks against attacks exploiting the flaws in the catalog.
In light of these newly identified vulnerabilities, it is essential for network administrators to conduct a thorough security audit and implement necessary patches or updates to prevent potential exploitation.
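As a starting point for such an audit, the following added example (not code from CISA, D-Link, or the original article) checks an asset inventory against the models and firmware ranges named above and reports whether the August 26, 2025 date has passed. The inventory layout, hostnames, and function names are assumptions made for illustration.

```python
import csv
import re
from datetime import date

DUE = date(2025, 8, 26)  # remediation deadline stated in the article
BOTH = ["CVE-2020-25078", "CVE-2020-25079"]
# Ranges as the article gives them (lt = below, le = up to, eq = exact build);
# assumption: a DCS-2530L that reports 1.06.01 already carries the hotfix.
AFFECTED = {
    "DCS-2530L": ("lt", "1.06.01", BOTH),
    "DCS-2670L": ("le", "2.02", BOTH),
    "DNR-322L": ("eq", "2.60B15", ["CVE-2022-40799"]),
}
# Constructed sample inventory: hostnames and the non-article versions are made up.
SAMPLE = """host,model,firmware
cam-lobby,DCS-2530L,1.05.05
cam-dock,DCS-2530L,1.06.01
cam-roof,dcs-2670l,2.02
cam-gate,DCS-2670L,
nvr-01,DNR-322L,2.60b15
printer-3,UNLISTED-MODEL,9.9
"""

def vkey(fw, width=4):
    """'1.06.01' -> (1, 6, 1, 0): numeric fields, zero-padded for comparison."""
    nums = [int(n) for n in re.findall(r"\d+", fw)][:width]
    return tuple(nums + [0] * (width - len(nums)))

def classify(model, fw):
    """Return (status, cves); status is 'affected', 'unknown' or 'ok'."""
    rule = AFFECTED.get(model.strip().upper())
    if rule is None:
        return "ok", []
    op, bound, cves = rule
    fw = fw.strip().upper()
    if not fw:  # a listed model with no recorded firmware needs a manual check
        return "unknown", cves
    cmp = {"lt": vkey(fw) < vkey(bound), "le": vkey(fw) <= vkey(bound), "eq": fw == bound}
    hit = cmp[op]
    return ("affected" if hit else "ok"), (cves if hit else [])

def audit(text, today):
    """Findings for every listed model that is affected or unverified."""
    out = []
    for row in csv.DictReader(text.splitlines()):
        status, cves = classify(row["model"], row["firmware"] or "")
        if status != "ok":
            out.append({"host": row["host"], "status": status, "cves": cves, "overdue": today > DUE})
    return out
```

Devices with a listed model but no recorded firmware are reported as "unknown" rather than silently passed, so gaps in the inventory surface alongside confirmed findings.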
Related Information:
https://www.ethicalhackingnews.com/articles/US-Cybersecurity-Agency-Identifies-New-Vulnerabilities-in-D-Link-Cameras-and-Network-Video-Recorders-ehn.shtml
https://securityaffairs.com/180833/security/u-s-cisa-adds-d-link-cameras-and-network-video-recorder-flaws-to-its-known-exploited-vulnerabilities-catalog.html
Published: Wed Aug 6 01:56:13 2025 by llama3.2 3B Q4_K_M