CISA Warns of D-Link Vulnerabilities Actively Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert, adding three vulnerabilities affecting D-Link devices to its Known Exploited Vulnerabilities (KEV) Catalog.
The inclusion of these flaws in the catalog signifies that they are being actively exploited by malicious cyber actors in real-world attacks, posing a significant threat to networks.
The three vulnerabilities impact several D-Link products and are now under a mandate for federal agencies to address. The specific vulnerabilities are:
- CVE-2020-25078: An unspecified vulnerability affecting D-Link DCS-2530L and DCS-2670L security cameras.
- CVE-2020-25079: A command injection vulnerability, also impacting the D-Link DCS-2530L and DCS-2670L camera models.
- CVE-2022-40799: A vulnerability that allows for the download of code without an integrity check in the D-Link DNR-322L network video recorder.
These types of security flaws are common entry points for attackers. Command injection vulnerabilities, for instance, can allow an attacker to execute arbitrary commands on the operating system of the device, potentially leading to a complete takeover.
Similarly, the ability to download and execute code without verifying its integrity opens the door for malware to be installed, turning the compromised device into a tool for broader network infiltration or a node in a botnet.
The addition of these CVEs to the KEV Catalog falls under the Binding Operational Directive (BOD) 22-01, a directive that mandates Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by a specified due date.
The directive established the KEV Catalog as a dynamic list of known CVEs that present a significant risk to the federal enterprise. The goal is to ensure that federal networks are protected against active and ongoing threats.
While BOD 22-01 is only mandatory for FCEB agencies, CISA has strongly urged all organizations, both public and private, to take this warning seriously.
The agency recommends that all entities reduce their exposure to cyberattacks by prioritizing the timely remediation of vulnerabilities listed in the KEV Catalog as a core part of their vulnerability management practices.
CISA continuously updates the catalog as new evidence of active exploitation emerges, based on a set of specified criteria.
Device owners are encouraged to check for firmware updates from the manufacturer and apply them immediately to mitigate these threats.
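One way to act on this recommendation, as an added example that is not from CISA or the original article: match an asset inventory against KEV entries and list the affected devices by remediation due date. The field names follow CISA's KEV JSON feed; the inventory, hostnames, product strings and due dates are constructed placeholders.

```python
import json
import re
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed. CVE IDs and models are
# from the article; product strings and dueDate values are placeholders.
KEV = json.loads("""{"vulnerabilities": [
  {"cveID": "CVE-2020-25078", "vendorProject": "D-Link",
   "product": "DCS-2530L and DCS-2670L", "dueDate": "2030-01-15"},
  {"cveID": "CVE-2020-25079", "vendorProject": "D-Link",
   "product": "DCS-2530L and DCS-2670L", "dueDate": "2030-01-15"},
  {"cveID": "CVE-2022-40799", "vendorProject": "D-Link",
   "product": "DNR-322L", "dueDate": "2030-01-15"}]}""")

# Constructed asset inventory (hostnames are hypothetical).
INVENTORY = [
    {"host": "cam-lobby", "vendor": "D-Link", "model": "DCS-2530L"},
    {"host": "nvr-01", "vendor": "d-link", "model": "dnr-322l"},
    {"host": "cam-dock", "vendor": "D-Link", "model": "DCS-2670L"},
    {"host": "sw-core", "vendor": "ExampleCorp", "model": "X-100"},
]


def _models(product):
    """Model-number tokens named in a KEV 'product' string, lowercased."""
    return {t.lower() for t in re.findall(r"[A-Za-z]+-\d+[A-Za-z]*", product)}


def kev_findings(kev, inventory, today):
    """Return one finding per (asset, KEV entry) match, soonest due date first."""
    findings = []
    for asset in inventory:
        for v in kev["vulnerabilities"]:
            same_vendor = asset["vendor"].lower() == v["vendorProject"].lower()
            if same_vendor and asset["model"].lower() in _models(v["product"]):
                due = date.fromisoformat(v["dueDate"])
                findings.append({"host": asset["host"], "cve": v["cveID"],
                                 "due": due, "overdue": today > due})
    return sorted(findings, key=lambda f: (f["due"], f["host"], f["cve"]))


if __name__ == "__main__":
    for f in kev_findings(KEV, INVENTORY, date.today()):
        flag = "OVERDUE" if f["overdue"] else "open"
        print(f'{f["host"]:10} {f["cve"]:15} due {f["due"]} {flag}')
```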