CISA Adds Three D-Link Wi-Fi Camera Vulnerabilities to KEV Catalog Due to Active Exploitation

The Cybersecurity and Infrastructure Security Agency (CISA) has added three older vulnerabilities affecting D-Link Wi-Fi cameras and video recorders to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities, dating back to 2020 and 2022, have been included due to evidence of active exploitation. One of the vulnerabilities, CVE-2020-25078, has a CVSS score of 7.5, indicating a high severity level. The inclusion of these vulnerabilities in the KEV catalog underscores the ongoing risk posed by unpatched or outdated devices. This development highlights the critical need for organizations to maintain an up-to-date inventory of network devices and ensure that all known vulnerabilities are patched. Cybersecurity professionals should prioritize inventory management, patch management, network segmentation, and robust monitoring and detection mechanisms to mitigate the risks associated with these vulnerabilities. The active exploitation of these older vulnerabilities serves as a reminder of the importance of regular maintenance and updating of network devices to prevent potential compromises.