The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently identified and added three significant vulnerabilities affecting D-Link Wi-Fi cameras and video recorders to its Known Exploited Vulnerabilities (KEV) catalog. This update reflects growing concerns over active exploitation of these security flaws.
Among the vulnerabilities is CVE-2020-25078, which has been assigned a CVSS score of 7.5. This flaw allows remote disclosure of the administrator password on specific D-Link models, including the DCS-2530L and DCS-2670L. Another critical issue, CVE-2020-25079, carries a higher severity score of 8.8 and is an authenticated command injection vulnerability in the affected devices. Furthermore, CVE-2020-40799 poses risks by permitting unauthorized code downloads, enabling attackers to execute commands at the operating system level.
Although exact details on the exploitation methods remain scarce, a longstanding advisory from the FBI highlighted HiatusRAT campaigns aimed at vulnerable web cameras, underscoring the urgency of addressing these vulnerabilities.
It is crucial to note that CVE-2020-40799 remains unpatched, as the affected DNR-322L model reached end-of-life status in November 2021. Consequently, users are urged to discontinue use of these devices. D-Link promptly released fixes for the other identified vulnerabilities back in 2020, but users must still apply them to safeguard their devices against potential threats. All Federal Civilian Executive Branch (FCEB) agencies are mandated to implement the necessary mitigation steps by August 26, 2025, to strengthen their security posture against these vulnerabilities.