Multiple NVIDIA Triton Inference Server Vulnerabilities
August 5, 2025
Severity
High
Analysis Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three old D-Link security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation in the wild. These high-severity flaws affect D-Link Wi-Fi cameras and video recorders and were originally disclosed between 2020 and 2022.
The vulnerabilities are as follows:
- CVE-2020-25078 (CVSS 7.5): A vulnerability in D-Link DCS-2530L and DCS-2670L devices that may allow remote attackers to access the administrator password.
- CVE-2020-25079 (CVSS 8.8): A command injection vulnerability in the cgi-bin/ddns_enc.cgi component, allowing authenticated attackers to execute arbitrary commands.
- CVE-2020-40799 (CVSS 8.8): A download of code without integrity checks in the D-Link DNR-322L, which could enable authenticated attackers to run operating system-level commands.
Although technical details on current exploitation techniques are not available, a December 2024 FBI advisory had already warned of HiatusRAT campaigns actively scanning for cameras vulnerable to CVE-2020-25078.
Of particular concern, CVE-2020-40799 remains unpatched because the DNR-322L device reached end-of-life in November 2021. Users are strongly urged to discontinue using these outdated devices. D-Link released patches for CVE-2020-25078 and CVE-2020-25079 in 2020.
In response to the threat, CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies implement required mitigation measures by August 26, 2025, to protect their networks from potential compromise through these known exploited vulnerabilities.
Impact
- Command Execution
- Unauthorized Access
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2020-25078
- CVE-2020-25079
- CVE-2020-40799
Affected Vendors
- D-Link
Affected Products
- D-Link DCS-2530L 1.05.05
- D-Link DCS-2670L 2.02
- D-Link DNR-322L
Remediation
- Install the 2020 security updates released by D-Link for CVE-2020-25078 and CVE-2020-25079
- Replace D-Link DNR-322L units as no patch exists due to end-of-life status
- Segment IoT devices from critical networks to limit potential exploitation
- Use network monitoring tools to detect unusual behavior linked to HiatusRAT or other threats
- Ensure all connected devices run the latest vendor-supported firmware versions
- Disable unnecessary remote access features on cameras and recorders
- Change default passwords and use complex, unique login credentials