clayton@site:~/news$ cat cve-2020-25079-d-link-dcs-2530l-and-dcs-2670l-devices.log

CVE-2020-25079 — D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability

2025-08-05 • CISA Known Exploited Vulnerability

[event] D-Link DCS-2530L and DCS-2670L devices contains a command injection vulnerability in the cgi-bin/ddns_enc.cgi. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

> AFFECTED SOFTWARE

Field	Value
Vendor	D-Link
Product	DCS-2530L and DCS-2670L Devices
CWE	CWE-77
CVE ID	CVE-2020-25079
Date Added	2025-08-05
Due Date	2025-08-26
Ransomware Campaign	Unknown

> MITIGATION

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due Date: 2025-08-26

> REFERENCES

[1] https://support.dlink.com/productinfo.aspx?m=DCS-2530L
[2] https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP1...
[3] https://nvd.nist.gov/vuln/detail/CVE-2020-25079