Article Details

CISA Adds 3 D-Link Router Flaws to KEV Catalog After Active Exploitation Reports. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The high-severity vulnerabilities, which are from 2020 and 2022, are listed below - There are currently no details on how these shortcomings are being exploited in the wild, although a December 2024 advisory from the U.S. Federal Bureau of Investigation (FBI) warned of HiatusRAT campaigns actively scanning web cameras that are vulnerable to CVE-2020-25078. It's worth noting that CVE-2020-40799 remains unpatched due to the affected model reaching end-of-life (EoL) status as of November 2021. Users still relying on DNR-322L are advised to discontinue and replace them. Fixes for the other two flaws were released by D-Link in 2020. In light of active exploitation, it's essential that Federal Civilian Executive Branch (FCEB) agencies carry out the necessary mitigation steps by August 26, 2025, to secure their networks.