
Spy cameras at home? Your D-Link devices could be a cyber security time bomb

Old vulnerabilities, unsupported models and real-world attacks: the CISA warning urges users and companies to act fast

Table of contents

  • Global alert from CISA
  • The three key vulnerabilities
  • Unpatched devices = real risks
  • CISA’s order to federal agencies
  • Advice for users and organizations
  • Cyberbullying awareness through comics

Global alert from CISA

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new warning: old vulnerabilities in D-Link devices are still being actively exploited by cybercriminals. These are not new threats: they have been known since 2020.

Despite the release of patches for some models, many users and companies haven’t updated their devices, leaving their systems wide open to hackers.

The three key vulnerabilities

CISA recently updated its Known Exploited Vulnerabilities (KEV) catalog to include three critical issues affecting:

  • D-Link DCS-2530L
  • D-Link DCS-2670L
  • D-Link DNR-322L

These vulnerabilities are:

  • CVE-2020-25078: allows remote access to the admin password of the camera (CVSS score 7.5).
  • CVE-2020-25079: enables command injection via a cgi-bin script, once authenticated (CVSS 8.8).
  • CVE-2020-40799: allows arbitrary code execution on the DNR-322L DVR due to missing integrity checks (CVSS 8.8).
    ❗This one has not been patched as the product was declared end-of-life in 2021.

Unpatched devices = real risks

Using unpatched or outdated devices poses serious risks, including espionage, network breaches, infrastructure attacks, and malware infections.

Back in 2024, the FBI had already warned that the HiatusRAT botnet was actively scanning the internet for vulnerable D-Link cameras and exploiting CVE-2020-25078.

CISA’s order to federal agencies

By August 26, 2025, all U.S. federal civilian agencies must have mitigated these vulnerabilities. This is part of a strategy to protect critical infrastructure and prevent large-scale cyber campaigns.

Advice for users and organizations

  • Update all supported devices immediately (patches were released in 2020).
  • Replace outdated or unsupported models (like the DNR-322L).
  • Monitor your network for signs of compromise.
  • Don’t underestimate old threats—they still claim victims.
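One way to act on the first two points, shown as an added example that is not part of the original article: cross-check an asset inventory against KEV entries and decide per device between a firmware update and replacement. The KEV excerpt and the inventory are constructed samples (field names follow CISA's KEV JSON feed; CVE ids, models and due date are the ones given above), and the hostnames, addresses and `triage` helper are hypothetical.

```python
import json
import re
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed.
# CVE ids, models and the due date are the ones stated in the article.
KEV_SAMPLE = json.loads("""{"vulnerabilities": [
 {"cveID": "CVE-2020-25078", "vendorProject": "D-Link",
  "product": "DCS-2530L and DCS-2670L", "dueDate": "2025-08-26"},
 {"cveID": "CVE-2020-25079", "vendorProject": "D-Link",
  "product": "DCS-2530L and DCS-2670L", "dueDate": "2025-08-26"},
 {"cveID": "CVE-2020-40799", "vendorProject": "D-Link",
  "product": "DNR-322L", "dueDate": "2025-08-26"}
]}""")

# Model the article reports as end-of-life, so no patch is available.
END_OF_LIFE = {"DNR-322L"}

# Constructed asset inventory; hostnames and addresses are hypothetical.
INVENTORY = [
    {"host": "cam-lobby", "ip": "192.0.2.10", "vendor": "D-Link", "model": "dcs-2530l"},
    {"host": "nvr-archive", "ip": "192.0.2.20", "vendor": "D-Link", "model": "DNR-322L rev A"},
    {"host": "cam-dock", "ip": "192.0.2.30", "vendor": "D-Link", "model": "DCS-8000LH"},
]

MODEL_RE = re.compile(r"[A-Z]{2,4}-\d{3,4}[A-Z]*")

def models_in(text):
    """Extract model tokens such as DCS-2530L from free-form product text."""
    return set(MODEL_RE.findall(text.upper()))

def triage(inventory, kev, today):
    """Return one finding per affected asset: CVEs, action, days to due date."""
    findings = []
    for asset in inventory:
        asset_models = models_in(asset["model"])
        hits = [v for v in kev["vulnerabilities"]
                if v["vendorProject"].lower() == asset["vendor"].lower()
                and asset_models & models_in(v["product"])]
        if not hits:
            continue  # model not listed in the KEV excerpt
        due = min(date.fromisoformat(v["dueDate"]) for v in hits)
        action = "replace" if asset_models & END_OF_LIFE else "update firmware"
        findings.append({"host": asset["host"], "action": action,
                         "cves": sorted(v["cveID"] for v in hits),
                         "days_left": (due - today).days})  # negative = overdue
    return findings

if __name__ == "__main__":
    for finding in triage(INVENTORY, KEV_SAMPLE, date.today()):
        print(finding)
```

Matching is on exact model tokens, so inventory records that store only a vendor name or a marketing name will be missed and need normalising first.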

Cyberbullying awareness through comics

In the same spirit of cyber security awareness, Red Hot Cyber launched the free comic book “Byte The Silence”, tackling the issue of cyberbullying. It’s a powerful educational tool for schools, parents, and teens, and even for bullies to reflect and change.
