CISA Adds 3 D-Link Router Flaws to KEV Catalog After Active Exploitation Reports
Briefly

CISA has added three high-severity vulnerabilities in D-Link routers to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. They are CVE-2020-25078, which leads to remote administrator password disclosure; CVE-2020-25079, an authenticated command injection issue; and CVE-2020-40799, which permits executing OS-level commands. CVE-2020-40799 is a particular concern because it remains unpatched: the affected device has reached end-of-life status. Federal agencies are urged to implement mitigation measures by August 26, 2025, to protect their systems.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three high-severity vulnerabilities in D-Link routers to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation.
CVE-2020-25078 could allow remote disclosure of the administrator password, while CVE-2020-25079 and CVE-2020-40799 enable command injection and code execution, respectively.
Read at The Hacker News