The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three old security flaws impacting D-Link routers to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation in the wild.

The high-severity vulnerabilities, which are from 2020 and 2022, are listed below -

CVE-2020-25078 (CVSS score: 7.5) - An unspecified vulnerability in D-Link DCS-2530L and DCS-2670L devices that could allow for remote administrator password disclosure

CVE-2020-25079 (CVSS score: 8.8) - An authenticated command injection vulnerability in the cgi-bin/ddns_enc.cgi component affecting D-Link DCS-2530L and DCS-2670L devices

CVE-2020-40799 (CVSS score: 8.8) - A download of code without an integrity check vulnerability in D-Link DNR-322L that co

See Full Page