Redazione RHC : 6 August 2025 14:04
Recently, cybercriminals have refocused on old vulnerabilities in popular D-Link Wi-Fi cameras and DVRs. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added three dangerous vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, even though they were all discovered several years ago. This decision was made in light of new evidence showing that attackers continue to target vulnerable devices worldwide and that attacks have already been recorded in real networks.
The CISA list includes three vulnerabilities related to the D-Link DCS-2530L, DCS-2670L, and DNR-322L devices. The first, CVE-2020-25078 with a CVSS score of 7.5, allows remote access to the camera’s administrator password. No complex techniques are required for exploitation; simply exploiting a flaw in the security mechanisms of these models is enough to discover key data for accessing the device.
The second issue, CVE-2020-25079, with a higher score of 8.8, is related to the ability to execute commands on the system via the cgi-bin/ddns_enc.cgi component. Exploiting this flaw requires authorization, but once access is gained, the attacker can inject their own commands into the device, significantly expanding their control over the camera.
The third vulnerability, CVE-2020-40799, also has a score of 8.8. It concerns the lack of integrity checks when loading code on the D-Link DNR-322L DVR, which allows the execution of arbitrary operating system-level commands after authorization, paving the way for malware installation and further control over the device.
Of particular note is the fact that the CVE-2020-40799 vulnerability has not yet been fixed by the manufacturer.
This is because the DNR-322L model is officially recognized as obsolete and is no longer supported by D-Link: its lifecycle ended in November 2021. Owners of these devices are advised to stop using them as soon as possible and switch to more modern alternatives in which the flaws have been resolved. Patches for the other two models were released in 2020; however, as statistics show, many organizations and private users have not yet updated their equipment and are at risk.
The relevance of the problem is confirmed by the fact that as early as December 2024, the US Federal Bureau of Investigation (FBI) issued a warning that the HiatusRAT botnet was actively scanning the internet for cameras with an unpatched vulnerability, CVE-2020-25078. This means that uncontrolled devices can be used for espionage, infrastructure attacks, and even to organize new botnets: similar events have already been recorded more than once in several countries.
US federal civilian agencies have been given a strict deadline: all measures to neutralize vulnerabilities must be implemented by August 26, 2025. These orders aim to protect critical networks from attacks that could lead to data leaks, interference with video surveillance, and other dangerous consequences. In today’s environment, unprotected cameras are becoming not only a target for hackers but also a tool for large-scale cyber campaigns, and their mass distribution only exacerbates the risks.
In the current situation, the task of promptly updating all devices used in corporate and home networks, as well as the mandatory retirement of unsupported models, is becoming increasingly urgent. Protecting digital infrastructure today is impossible without a timely response to emerging threats, even “obsolete” ones, especially when they are actively used by real attackers.