CISA Issues Alert on Actively Exploited D-Link Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert, adding three critical D-Link vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, confirming they are being actively exploited in real-world cyberattacks.

These vulnerabilities pose serious risks to both federal and non-federal networks by exposing IP cameras and video recorders to remote exploitation.

The affected vulnerabilities include:

  • CVE-2020-25078 – An unspecified flaw in D-Link DCS-2530L and DCS-2670L security cameras
  • CVE-2020-25079 – A command injection vulnerability impacting the same camera models
  • CVE-2022-40799 – An insecure code download vulnerability in the D-Link DNR-322L network video recorder

These types of vulnerabilities can serve as initial access points for attackers. For example:

  • Command injection flaws allow execution of arbitrary commands, possibly leading to device takeover
  • Unverified code downloads can let attackers install malware and use the device in botnets or broader network infiltration

CISA Mandate and Recommendations for Organizations

The addition of these CVEs to the KEV Catalog is mandated by Binding Operational Directive (BOD) 22-01, which requires Federal Civilian Executive Branch (FCEB) agencies to remediate vulnerabilities by a specific deadline.

The KEV Catalog functions as a dynamic, high-priority vulnerability list, created to defend federal systems against actively exploited threats.

While BOD 22-01 is only enforceable for federal agencies, CISA strongly recommends that all organizations—public and private—take action. Ignoring these flaws can leave networks open to compromise via internet-facing devices.

CISA urges all entities to:

  • Patch affected D-Link devices immediately by checking for available firmware updates
  • Incorporate the KEV Catalog into regular vulnerability management workflows
  • Monitor the catalog for continuous updates as new threats emerge

These actions are essential not only for compliance but also for securing network infrastructure from targeted attacks.
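One way to fold the catalog into a vulnerability management workflow is to match its entries against an asset inventory, shown here as an added example that is not CISA's or D-Link's code. The feed sample follows the field names of the KEV JSON feed (`cveID`, `vendorProject`, `product`, `dueDate`); the product strings, `dueDate` values, hosts and inventory layout are constructed placeholders.

```python
import json
from datetime import date

# Constructed sample in the layout of the KEV JSON feed. CVE IDs and models
# come from the article; product strings and dueDate values are placeholders.
KEV_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2020-25078", "vendorProject": "D-Link",
     "product": "DCS-2530L and DCS-2670L", "dueDate": "2099-01-01"},
    {"cveID": "CVE-2020-25079", "vendorProject": "D-Link",
     "product": "DCS-2530L and DCS-2670L", "dueDate": "2099-01-01"},
    {"cveID": "CVE-2022-40799", "vendorProject": "D-Link",
     "product": "DNR-322L", "dueDate": "2099-01-01"},
]})

# Constructed inventory; hosts, field names and the last two rows are hypothetical.
INVENTORY = [
    {"host": "nvr-01", "vendor": "d-link", "model": "DNR-322L", "internet_facing": False},
    {"host": "cam-lobby", "vendor": "D-Link", "model": "DCS-2530L", "internet_facing": True},
    {"host": "cam-dock", "vendor": "D-Link", "model": "DCS-2530", "internet_facing": True},
    {"host": "nvr-lab", "vendor": "ExampleCorp", "model": "DNR-322L", "internet_facing": True},
]

def match_kev(feed_json, inventory, today):
    """Return one finding per (asset, KEV entry) pair, most urgent first."""
    findings = []
    for entry in json.loads(feed_json)["vulnerabilities"]:
        vendor = entry["vendorProject"].casefold()
        # Split the free-text product field into whole tokens so that a model
        # such as "DCS-2530" is not matched by the substring "DCS-2530L".
        models = set(entry["product"].casefold().replace(",", " ").split())
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            if asset["vendor"].casefold() != vendor:
                continue
            if asset["model"].casefold() not in models:
                continue
            findings.append({"host": asset["host"], "cve": entry["cveID"],
                             "due": due, "overdue": today > due,
                             "internet_facing": asset["internet_facing"]})
    # Internet-facing devices first, then earliest deadline.
    findings.sort(key=lambda f: (not f["internet_facing"], f["due"], f["host"], f["cve"]))
    return findings

if __name__ == "__main__":
    for f in match_kev(KEV_FEED, INVENTORY, date.today()):
        print(f["host"], f["cve"], "due", f["due"], "OVERDUE" if f["overdue"] else "")
```

In practice the feed string would be the current catalog download and the inventory would come from the organization's asset database; rerunning the match on each catalog update covers the monitoring recommendation as well.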