Critical Vulnerabilities in D-Link Devices Under Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added three significant vulnerabilities affecting D-Link devices to its Known Exploited Vulnerabilities (KEV) Catalog. This inclusion indicates that these security flaws are being actively exploited by malicious actors, posing substantial risks to networks utilizing these devices.

Identified Vulnerabilities:

1. CVE-2020-25078: An unspecified vulnerability impacting D-Link DCS-2530L and DCS-2670L security cameras.

2. CVE-2020-25079: A command injection vulnerability also affecting the D-Link DCS-2530L and DCS-2670L camera models.

3. CVE-2022-40799: A flaw in the D-Link DNR-322L network video recorder that allows for the download of code without an integrity check.

These vulnerabilities serve as common entry points for attackers. Command injection flaws, for instance, can enable unauthorized execution of commands on the device’s operating system, potentially leading to full system compromise. Similarly, the ability to download and execute code without verifying its integrity opens the door for malware installation, turning the compromised device into a tool for broader network infiltration or inclusion in a botnet.

CISA’s Directive and Recommendations:

The addition of these vulnerabilities to the KEV Catalog falls under Binding Operational Directive (BOD) 22-01, which requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by specified deadlines. The KEV Catalog is a dynamic list of known Common Vulnerabilities and Exposures (CVEs) that present significant risks to the federal enterprise. The objective is to ensure that federal networks are safeguarded against active and ongoing threats.

While BOD 22-01 is mandatory for FCEB agencies, CISA strongly urges all organizations, both public and private, to take this warning seriously. The agency recommends that all entities reduce their exposure to cyberattacks by prioritizing the timely remediation of vulnerabilities listed in the KEV Catalog as a core part of their vulnerability management practices. CISA continuously updates the catalog as new evidence of active exploitation emerges, based on specified criteria.

Impacted Devices and Mitigation Measures:

The vulnerabilities affect several D-Link products, including:

– D-Link DCS-2530L and DCS-2670L security cameras

– D-Link DNR-322L network video recorder

Device owners are encouraged to check for firmware updates from the manufacturer and apply them immediately to mitigate these threats. In cases where devices have reached their end-of-life (EOL) status and no patches are available, it is advisable to retire and replace them with supported models to ensure network security.
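The KEV-driven prioritization and the patch-or-replace guidance above can be checked against an asset inventory. The following is an added example, not code from CISA or D-Link: the field names `cveID`, `vendorProject`, `product` and `dueDate` follow the KEV JSON feed, while the due dates, hostnames, product strings and `eol` flags are constructed for illustration.

```python
import re
from datetime import date

# Constructed sample shaped like entries in CISA's KEV JSON feed. CVE IDs and
# models come from the article; product strings and dueDate values are placeholders.
KEV_SAMPLE = [
    {"cveID": "CVE-2020-25078", "vendorProject": "D-Link",
     "product": "DCS-2530L and DCS-2670L", "dueDate": "2030-01-15"},
    {"cveID": "CVE-2020-25079", "vendorProject": "D-Link",
     "product": "DCS-2530L and DCS-2670L", "dueDate": "2030-01-15"},
    {"cveID": "CVE-2022-40799", "vendorProject": "D-Link",
     "product": "DNR-322L", "dueDate": "2030-02-01"},
]

# Constructed asset inventory; hostnames and the "eol" flag are hypothetical and
# would come from your own CMDB and the vendor's lifecycle notices.
INVENTORY = [
    {"host": "cam-lobby", "vendor": "D-Link", "model": "DCS-2530L", "eol": False},
    {"host": "nvr-01", "vendor": "D-Link", "model": "DNR-322L", "eol": True},
    {"host": "sw-core", "vendor": "ExampleCorp", "model": "EX-100", "eol": False},
]

MODEL_RE = re.compile(r"[A-Z]+-\d+[A-Z]*")


def kev_findings(inventory, kev_entries, today):
    """Return one finding per (asset, KEV entry) match, most urgent first."""
    findings = []
    for asset in inventory:
        for entry in kev_entries:
            if asset["vendor"].lower() != entry["vendorProject"].lower():
                continue
            # Compare whole model tokens so a longer model name is not a substring hit.
            if asset["model"].upper() not in set(MODEL_RE.findall(entry["product"].upper())):
                continue
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            findings.append({
                "host": asset["host"], "cve": entry["cveID"],
                "days_left": days_left, "overdue": days_left < 0,
                # Mitigation from the article: patch, or retire if EOL with no patch.
                "action": "replace device" if asset["eol"] else "update firmware",
            })
    return sorted(findings, key=lambda f: (f["days_left"], f["host"], f["cve"]))


if __name__ == "__main__":
    for f in kev_findings(INVENTORY, KEV_SAMPLE, date(2030, 1, 20)):
        print(f)
```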

Broader Implications:

The active exploitation of these vulnerabilities underscores the critical importance of maintaining up-to-date hardware and software. Organizations should implement robust vulnerability management programs that include regular patching, network segmentation, and continuous monitoring to detect and respond to potential threats promptly.

In conclusion, the recent alert from CISA serves as a stark reminder of the ever-evolving cyber threat landscape. Organizations must remain vigilant, proactively address known vulnerabilities, and adopt comprehensive security measures to protect their networks and sensitive information from malicious actors.