
The US Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws affecting D-Link IP cameras and a network video recorder to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The high-severity vulnerabilities, dating from 2020 and 2022, are listed below:
- CVE-2020-25078 (CVSS score: 7.5) – An unspecified vulnerability in D-Link DCS-2530L and DCS-2670L devices
- CVE-2020-25079 (CVSS score: 8.8) – An authenticated command injection vulnerability in cgi-bin/ddns_enc.cgi on D-Link DCS-2530L and DCS-2670L devices
- CVE-2022-40799 (CVSS score: 8.8) – A download-of-code-without-integrity-check vulnerability in the D-Link DNR-322L that allows an authenticated attacker to execute operating system-level commands on the device

There are currently no details on how these shortcomings are being exploited in the wild, but an advisory from the US Federal Bureau of Investigation (FBI) in December 2024 warned about the HiatusRAT campaign, which was observed aggressively scanning for web cameras vulnerable to CVE-2020-25078.
It is worth noting that CVE-2022-40799 remains unpatched as of November 2022, as the affected model has reached end-of-life (EOL) status; no fix is expected, so the practical remediation is to retire the device or isolate it from untrusted networks. Fixes for the other two flaws were released by D-Link in 2020.
In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary mitigations by August 26, 2025 to secure their networks.
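The practical follow-up to a KEV addition is to find which of your own devices it covers and what the remediation deadline implies for each. The script below is an added example, not code from the article or from CISA: it reads a KEV-format JSON document and joins it against a device inventory. The JSON field names (cveID, vendorProject, product, dueDate, ...) follow the public catalog's layout, but the entries themselves are constructed for this demonstration (the due date is the one the article reports; the dateAdded values and the placeholder non-D-Link entry are assumptions), and the inventory format, with its `eol` flag, is also an assumption. The EOL handling reflects the point above: a device that will never receive a fix needs a different action than "patch".

```python
"""Join a CISA KEV catalog export against a device inventory (added example).

The KEV excerpt below uses the public feed's field names, but its entries are
constructed for this demonstration and are not a copy of the catalog.
"""
import json
import re
from datetime import date

# Constructed KEV excerpt. Due date is the one reported for these entries;
# dateAdded values and the placeholder "OtherVendor" entry are assumptions.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed excerpt)",
    "vulnerabilities": [
        {"cveID": "CVE-2020-25078", "vendorProject": "D-Link",
         "product": "DCS-2530L and DCS-2670L",
         "dateAdded": "2025-08-05", "dueDate": "2025-08-26"},
        {"cveID": "CVE-2020-25079", "vendorProject": "D-Link",
         "product": "DCS-2530L and DCS-2670L",
         "dateAdded": "2025-08-05", "dueDate": "2025-08-26"},
        {"cveID": "CVE-2022-40799", "vendorProject": "D-Link",
         "product": "DNR-322L",
         "dateAdded": "2025-08-05", "dueDate": "2025-08-26"},
        # Placeholder entry for another vendor, to show that it is not matched.
        {"cveID": "CVE-0000-0000", "vendorProject": "OtherVendor",
         "product": "Widget 9000",
         "dateAdded": "2025-08-05", "dueDate": "2025-08-26"},
    ],
})

# Constructed inventory (assumed format). Vendor casing deliberately varies,
# because real asset databases are rarely normalised.
INVENTORY = [
    {"host": "cam-lobby-01", "vendor": "d-link", "model": "DCS-2530L", "eol": False},
    {"host": "cam-dock-02", "vendor": "D-Link", "model": "DCS-2670L", "eol": False},
    {"host": "nvr-office", "vendor": "D-Link", "model": "DNR-322L", "eol": True},
    {"host": "cam-yard-03", "vendor": "D-Link", "model": "DCS-8000LH", "eol": False},
]


def product_models(product):
    """Extract model identifiers from a free-text KEV 'product' field.

    The field is prose such as "DCS-2530L and DCS-2670L"; split on whitespace,
    commas, slashes and the word "and", and keep tokens that contain a digit.
    """
    tokens = re.split(r"[\s,/]+|\band\b", product)
    return {tok.upper() for tok in tokens if tok and any(c.isdigit() for c in tok)}


def kev_exposures(kev_json, inventory, today):
    """Return one finding per (device, KEV entry) pair, sorted by due date."""
    catalog = json.loads(kev_json)

    # Index KEV entries by (vendor, model) so the inventory join is a dict lookup.
    by_model = {}
    for entry in catalog["vulnerabilities"]:
        vendor = entry["vendorProject"].strip().lower()
        for model in product_models(entry["product"]):
            by_model.setdefault((vendor, model), []).append(entry)

    findings = []
    for dev in inventory:
        key = (dev["vendor"].strip().lower(), dev["model"].strip().upper())
        for entry in by_model.get(key, []):
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": dev["host"],
                "cve": entry["cveID"],
                "due": entry["dueDate"],
                "days_left": (due - today).days,
                "overdue": today > due,
                # EOL hardware will not get a vendor fix; the remediation that
                # actually closes the exposure is replacement or isolation.
                "action": ("replace or isolate (EOL, no fix available)"
                           if dev["eol"] else "apply vendor fix"),
            })
    findings.sort(key=lambda f: (f["due"], f["host"], f["cve"]))
    return findings


if __name__ == "__main__":
    for f in kev_exposures(KEV_SAMPLE, INVENTORY, date.today()):
        state = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f"{f['host']:<14} {f['cve']:<16} due {f['due']} ({state}): {f['action']}")
```

Run against a real export (the catalog is published as JSON), the same join produces the remediation list a team would track to the KEV due date; the EOL branch is what keeps an unpatchable NVR from sitting in a "waiting for patch" queue indefinitely.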