The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active attacks.
The flaw, identified as CVE-2023-52163 with a CVSS score of 8.8, allows post-authentication remote code execution through a command injection vulnerability. According to CISA, “Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via time_tzsetup.cgi.”
Reports from Akamai and Fortinet indicate that threat actors are actively exploiting this vulnerability to deliver malware, including botnets such as Mirai and ShadowV2.
Security researcher Ta-Lun Yen of TXOne Research noted that this vulnerability, along with an arbitrary file read bug (CVE-2023-52164, CVSS score 5.1), remains unpatched because the device has reached its end-of-life (EoL) status.
Successful exploitation requires attackers to be authenticated on the device and to send a specifically crafted request. In the absence of a patch, users are strongly advised not to expose these devices to the internet and to change default usernames and passwords.
CISA has urged Federal Civilian Executive Branch (FCEB) agencies to either implement recommended mitigations or discontinue the use of affected devices by January 12, 2025, to prevent potential compromise from active threats.
Found this article interesting? Follow us on X (Twitter) , Facebook, Blue sky and LinkedIn to read more exclusive content we post.
