The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild.
The high-severity vulnerabilities, which are from 2020 and 2022, are listed below –
- CVE-2020-25078 (CVSS score: 7.5) – An unspecified vulnerability in D-Link DCS-2530L and DCS-2670L devices that could allow for remote administrator password disclosure
- CVE-2020-25079 (CVSS score: 8.8) – An authenticated command injection vulnerability in the cgi-bin/ddns_enc.cgi component affecting D-Link DCS-2530L and DCS-2670L devices
- CVE-2020-40799 (CVSS score: 8.8) – A download of code without an integrity check vulnerability in D-Link DNR-322L that could allow an authenticated attacker to execute operating system-level commands on the device
There are currently no details on how these shortcomings are being exploited in the wild, although a December 2024 advisory from the U.S. Federal Bureau of Investigation (FBI) warned of HiatusRAT campaigns actively scanning web cameras that are vulnerable to CVE-2020-25078.
It’s worth noting that CVE-2020-40799 remains unpatched due to the affected model reaching end-of-life (EoL) status as of November 2021. Users still relying on DNR-322L are advised to discontinue and replace them. Fixes for the other two flaws were released by D-Link in 2020.
In light of active exploitation, it’s essential that Federal Civilian Executive Branch (FCEB) agencies carry out the necessary mitigation steps by August 26, 2025, to secure their networks.
