Particle.news
Download on the App Store
5 ARTICLES
·
6d ago

CISA Adds Three D-Link Router Flaws to Known Exploited Vulnerabilities Catalog

A federal deadline of August 26 requires agencies to patch or retire legacy D-Link devices following evidence of in-the-wild exploitation.

Image

Overview

  • CISA listed CVE-2020-25078, CVE-2020-25079 and CVE-2020-40799 in its KEV catalog after reports of active targeting of D-Link cameras and routers
  • CVE-2020-25078 and CVE-2020-25079 affect DCS-2530L and DCS-2670L cameras by exposing admin passwords and enabling authenticated command injection
  • CVE-2020-40799 leaves DNR-322L DVRs vulnerable to OS-level command execution through unverified code downloads and remains unpatched since its November 2021 end-of-life
  • A December 2024 FBI advisory linked scanning activity by HiatusRAT malware to the camera flaws, though public details of actual exploits are lacking
  • Federal Civilian Executive Branch agencies must complete firmware mitigations or decommission unsupported devices by August 26 under BOD 22-01 cloud-security standards