


Perceptive Security
SOC/SIEM Consultancy

CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution
Published:
25 December 2025 at 08:07:00
Alert date:
25 December 2025 at 09:02:33
Source:
thehackernews.com
Mobile & IoT, Network Infrastructure, Zero-Day Vulnerabilities, Ransomware & Malware
CISA added CVE-2023-52163 to its Known Exploited Vulnerabilities catalog due to active exploitation. The vulnerability affects Digiever DS-2105 Pro network video recorders and allows post-authentication remote code execution through command injection. The flaw has a CVSS score of 8.8, indicating high severity. Organizations using affected Digiever NVR systems should prioritize patching to prevent potential compromise.
Technical details
CVE-2023-52163 is a command injection vulnerability in Digiever DS-2105 Pro network video recorders with a CVSS score of 8.8. The flaw stems from missing authorization, which allows command injection via time_tzsetup.cgi and enables post-authentication remote code execution. To exploit it, an attacker must be logged into the device and send a crafted request. An additional arbitrary file read bug (CVE-2023-52164, CVSS score: 5.1) also affects the same device. Both vulnerabilities remain unpatched because the device has reached end-of-life status.
Mitigation steps:
Avoid exposing the device to the internet, change the default username and password, apply necessary mitigations or discontinue use of the product. CISA recommends Federal Civilian Executive Branch agencies apply mitigations or discontinue use by January 12, 2025.
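An added example, not part of the original alert or any vendor tooling: triage of web access logs (from a reverse proxy or the device itself) for requests that touch time_tzsetup.cgi, flagging sources outside an assumed management network and shell metacharacters in query values. The log format, path prefix, `zone` parameter and `10.20.0.0/24` range are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

ENDPOINT = "time_tzsetup.cgi"  # CGI named in the advisory
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # assumed admin VLAN
SHELL_META = re.compile(r"[;|&`$<>\n]")  # separators, substitution, redirection
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed access-log lines; the path prefix and "zone" parameter are made up.
SAMPLE = [
    '10.20.0.5 - - [25/Dec/2025:08:00:01 +0000] "GET /index.html HTTP/1.1" 200 900',
    '10.20.0.5 - - [25/Dec/2025:08:01:10 +0000] '
    '"GET /cgi-bin/time_tzsetup.cgi?zone=UTC HTTP/1.1" 200 512',
    '203.0.113.7 - - [25/Dec/2025:08:02:44 +0000] '
    '"GET /cgi-bin/time_tzsetup.cgi?zone=UTC%3Bid HTTP/1.1" 200 512',
]

def triage(line):
    """Return a finding dict for requests touching ENDPOINT, else None."""
    m = LINE.match(line)
    if not m:
        return None
    src, when, method, target, status = m.groups()
    parts = urlsplit(target)
    # Match the CGI name anywhere in the decoded request target.
    if ENDPOINT not in unquote_plus(parts.path + "?" + parts.query).lower():
        return None
    reasons = []
    try:
        addr = ipaddress.ip_address(src)
        if not any(addr in net for net in MGMT_NETS):
            reasons.append("source-outside-mgmt-net")
    except ValueError:
        reasons.append("unparseable-source")
    # parse_qsl decodes once; decode again to catch double-encoded values.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if SHELL_META.search(unquote_plus(value)):
            reasons.append("shell-metacharacter:" + name)
    return {"src": src, "time": when, "method": method, "status": int(status),
            "severity": "high" if reasons else "review", "reasons": reasons}

def scan(lines):
    """Triage every line and keep only the findings."""
    return [f for f in map(triage, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Access logs rarely record POST bodies, so a `review` hit on the endpoint alone still deserves a look on an end-of-life device.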
Affected products:
Digiever DS-2105 Pro network video recorders (NVRs)
Related links:
https://www.cisa.gov/news-events/alerts/2025/12/22/cisa-adds-one-known-exploited-vulnerability-catalog
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://nvd.nist.gov/vuln/detail/CVE-2023-52163
https://thehackernews.com/2024/12/juniper-warns-of-mirai-botnet-targeting.html#digiever-flaw-exploited-to-distribute-mirai-botnet-variant
https://thehackernews.com/2025/11/threatsday-bulletin-ai-malware-voice.html#mirai-based-malware-resurfaces-with-new-iot-campaign
https://www.txone.com/blog/digiever-fixes-sorely-needed/
This article was created with the assistance of AI technology by Perceptive.
