CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Aug 26, 2025

CVE-2022-40799

High

EPSS 37.1%CISA KEV

D-Link/DNR-322L

Description

D-Link DNR-322L contains a download of code without integrity check vulnerability that could allow an authenticated attacker to execute OS level commands on the device. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

EPSS — Exploit Probability

37.1%

Higher than 97.1% of all CVEs

Required Action

https://www.dlink.com/uk/en/products/dnr-322l-cloud-network-video-recorder ; https://nvd.nist.gov/vuln/detail/CVE-2022-40799

Risk Assessment

ELEVATED

In CISA KEV

Details

Severity: High
EPSS: 37.1%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Aug 5, 2025

Added to KEV

Aug 5, 2025

Remediation Due

Aug 26, 2025

Affected Product

D-Link

DNR-322L

View all D-Link CVEs

External Links

NVD (NIST)CVE Details MITRE CVE