A fresh CISA alert calls on federal agencies to urgently fix three old D-Link device flaws now being actively exploited by attackers.
Quick Summary – TLDR:
- CISA has added three high-severity vulnerabilities in D-Link cameras and NVRs to its Known Exploited Vulnerabilities (KEV) catalog
- These flaws allow for remote access, password theft, and OS command execution
- One vulnerability remains unpatched due to the device reaching end-of-life status
- Federal agencies must patch by August 26, while private firms are strongly urged to act
What Happened?
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has escalated its efforts to shield national networks by listing three actively exploited vulnerabilities in D-Link surveillance hardware. These flaws affect popular models of Wi-Fi cameras and network video recorders (NVRs). As cyberattacks on connected devices rise, federal agencies are required to patch the flaws by August 26, 2025.
D-Link Device Flaws Now Under Government Watch
On August 5, 2025, CISA updated its Known Exploited Vulnerabilities (KEV) catalog, a key list that identifies security bugs confirmed to be abused in the wild. The agency flagged three old but dangerous vulnerabilities affecting the D-Link DCS-2530L and DCS-2670L cameras and the DNR-322L network video recorder.
These are the three vulnerabilities:
- CVE-2020-25078 (CVSS 7.5): An unspecified vulnerability in DCS-2530L and DCS-2670L allows unauthenticated remote access to administrator passwords.
- CVE-2020-25079 (CVSS 8.8): A command injection vulnerability in the cgi-bin/ddns_enc.cgi file of the same devices enables authenticated attackers to run arbitrary OS commands.
- CVE-2022-40799 (CVSS 8.8): A flaw in the DNR-322L’s “Backup Config” feature lets authenticated users execute OS-level commands due to the lack of code integrity checks.
Urgent Patch Requirements for Federal Networks
Under Binding Operational Directive (BOD) 22-01, federal agencies must eliminate all KEV-listed vulnerabilities by their assigned deadlines. For these D-Link flaws, the deadline is August 26, 2025. The KEV catalog is a powerful tool that helps guide risk reduction across federal networks, and it’s updated as new threats emerge.
Even though the directive only applies to Federal Civilian Executive Branch (FCEB) entities, CISA is strongly advising private sector organizations to follow suit. Given the active exploitation and risk of data breaches, ignoring these flaws could have serious consequences.
FBI Warned of Scans Targeting Vulnerable Cameras
While CISA has not detailed how the vulnerabilities are being exploited, the FBI previously warned in December 2024 about HiatusRAT campaigns that were scanning for webcams vulnerable to CVE-2020-25078. That confirms attackers have been probing these weak points for months.
One alarming point is that CVE-2022-40799 remains unpatched, as the affected DNR-322L recorder hit end-of-life in November 2021. Users still relying on this device are strongly urged to discontinue use and upgrade immediately.
Why These Flaws Matter More Than Ever
D-Link’s surveillance devices are commonly used in both home and enterprise environments. Their exposure could enable hackers to:
- Access sensitive video feeds
- Hijack devices to pivot into larger network attacks
- Deploy malware or ransomware through compromised infrastructure
As cybercriminals increasingly target vulnerabilities in connected hardware, this alert from CISA is a clear sign that even older devices must be managed securely.
SQ Magazine Takeaway
Honestly, if you’re still running one of these D-Link models, it’s time to make a move. These flaws are not just theoretical risks: they’re actively being exploited, and in some cases you cannot patch them anymore. We often overlook our cameras and recorders, but they’re connected to the network just like a PC, and that means they can be an open door for attackers. Take this alert seriously and act now.