The U.S. CISA has added three old security flaws in D-Link routers to its KEV catalog due to active exploitation. These vulnerabilities, dating from 2020 and 2022, pose significant risks to affected devices and networks. #DLink #KEV #CISA #CVE2020-25078 #CVE2020-25079 #CVE2020-40799
Key points
- CISA added three security flaws in D-Link routers to its Known Exploited Vulnerabilities list.
- The vulnerabilities include remote password disclosure, command injection, and code download without integrity checks.
- Some flaws have been exploited in the wild, with the FBI warning of HiatusRAT campaigns targeting vulnerable web cameras.
- Firmware fixes were released in 2020, but CVE-2020-40799 remains unpatched due to device end-of-life status.
- Federal agencies must implement mitigation measures by August 26, 2025, to secure their networks.
Read More: https://thehackernews.com/2025/08/cisa-adds-3-d-link-router-flaws-to-kev.html