The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog to include several high-severity flaws affecting D-Link cameras and a Network Video Recorder (NVR), following evidence of active exploitation in real-world attacks.
Vulnerabilities and Affected Devices
CISA’s update targets the following D-Link products:
1. D-Link DCS-2530L and DCS-2670L Cameras
- CVE-2020-25078: This vulnerability allows unauthenticated attackers to retrieve administrator credentials through an insecure endpoint. Exploitation could result in complete, unauthorized device takeover.
- CVE-2020-25079: This command injection flaw enables authenticated attackers to execute arbitrary operating system commands, posing a severe risk of network-wide compromise.
2. D-Link DNR-322L Network Video Recorder
- CVE-2022-40799: This issue arises from the device’s failure to verify the integrity of code during downloads, making it possible for attackers to install and run malicious, trojanized updates. This represents a classic supply-chain risk vector.
Active Exploitation and Elevated Risk
These vulnerabilities are being actively exploited by threat actors. Attackers are leveraging the flaws to gain unauthorized access, execute arbitrary code, and install persistent malware within victim networks. The situation is exacerbated by the fact that many impacted D-Link devices have reached End of Life (EOL) or End of Service (EOS), making future security patches unlikely and increasing the risk to organizations that continue to use them.
CISA Directives and Remediation Steps
In response, CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies address these vulnerabilities by August 26, 2025. Required actions include applying available firmware updates, isolating at-risk devices, or removing unsupported hardware from service altogether.
Private sector organizations and individual users are strongly urged to:
- Audit their networks for the affected D-Link camera and NVR models
- Apply any available security patches promptly
- Where patches are not available, implement compensating controls such as network segmentation or isolation
- Replace unsupported devices to maintain robust network security
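The audit step above can be run against an asset inventory export. The following is an added example, not code from CISA or D-Link: the CSV column names, hostnames, addresses and the `iot-isolated` segment label are constructed assumptions, while the model and CVE list comes from this article.

```python
import csv
import io
import re

# Affected models and CVEs exactly as listed in the article above.
AFFECTED = {
    "DCS-2530L": ["CVE-2020-25078", "CVE-2020-25079"],
    "DCS-2670L": ["CVE-2020-25078", "CVE-2020-25079"],
    "DNR-322L": ["CVE-2022-40799"],
}

# Constructed sample inventory: hypothetical hosts, documentation-range IPs, assumed columns.
SAMPLE_INVENTORY = """hostname,ip,vendor,model,segment
lobby-cam,192.0.2.10,D-Link,dcs-2530l,corp-lan
dock-cam,192.0.2.11,dlink,DCS 2670L rev A1,iot-isolated
nvr-01,192.0.2.20,D-Link,DNR322L,corp-lan
door-cam,192.0.2.30,D-Link,DCS-2530,corp-lan
printer-3,192.0.2.40,Other,LaserPrinter 9,corp-lan
"""

def match_model(raw_model):
    """Return the affected model named in a free-form model string, or None."""
    tokens = re.findall(r"[A-Z0-9]+", raw_model.upper())
    # Single tokens plus adjacent pairs: "DCS 2670L" and "DCS2670L" match, "DCS-2530" does not.
    candidates = set(tokens) | {a + b for a, b in zip(tokens, tokens[1:])}
    for model in AFFECTED:
        if model.replace("-", "") in candidates:
            return model
    return None

def audit(inventory_csv, isolated_segments=("iot-isolated",)):
    """Return one finding per affected device, with the next remediation step."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model = match_model(row["model"])
        if model is None:
            continue
        isolated = row["segment"] in isolated_segments
        findings.append({
            "hostname": row["hostname"], "ip": row["ip"],
            "model": model, "cves": AFFECTED[model],
            # Order follows the article: patch if possible, otherwise isolate, then replace.
            "action": "patch or replace" if isolated else "isolate now, then patch or replace",
        })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_INVENTORY):
        print(f"{f['hostname']:10} {f['ip']:12} {f['model']:10} {','.join(f['cves'])} -> {f['action']}")
```

Matching on whole model tokens rather than substrings keeps near-miss model numbers such as `DCS-2530` out of the findings while still tolerating the spacing and case differences common in inventory exports.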