top of page
Search

CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution

  • Dec 26, 2025
  • 2 min read

Key Findings


  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw in Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog.

  • The vulnerability, tracked as CVE-2023-52163, has a CVSS score of 8.8 and allows post-authentication remote code execution through a case of command injection.

  • CISA cited evidence of active exploitation of the flaw by threat actors to deliver botnets like Mirai and ShadowV2.

  • The vulnerability, along with an arbitrary file read bug (CVE-2023-52164, CVSS 5.1), remains unpatched as the device has reached end-of-life (EoL) status.


Background


Digiever DS-2105 Pro is a network video recorder (NVR) device used for video surveillance and security purposes. The device has been found to contain two vulnerabilities that are being actively exploited by threat actors.


Command Injection Vulnerability (CVE-2023-52163)


  • The vulnerability, which has a CVSS score of 8.8, allows an attacker to execute arbitrary commands on the affected device after authentication.

  • The flaw is located in the `time_tzsetup.cgi` script, which does not properly sanitize user input, leading to the command injection issue.

  • Successful exploitation of this vulnerability can grant an attacker full control over the affected NVR device.


Arbitrary File Read Vulnerability (CVE-2023-52164)


  • This vulnerability, with a CVSS score of 5.1, allows an attacker to read arbitrary files on the affected device after authentication.

  • The flaw is located in the `get_config_info.cgi` script, which does not properly validate user input, leading to the arbitrary file read issue.

  • While less severe than the command injection vulnerability, this flaw can still be exploited to gain sensitive information about the target system.


Exploitation and Mitigation


  • Threat actors have been actively exploiting these vulnerabilities to deliver malware, such as the Mirai and ShadowV2 botnets, to the affected NVR devices.

  • CISA has added CVE-2023-52163 to its KEV catalog, indicating the seriousness of the issue and the need for immediate action.

  • Since the Digiever DS-2105 Pro device has reached end-of-life status, no official patches are available.

  • To mitigate the risk, users are advised to avoid exposing the device to the internet and change the default username and password.

  • CISA is also recommending that Federal Civilian Executive Branch (FCEB) agencies apply the necessary mitigations or discontinue use of the product by January 12, 2025, to secure their network from active threats.


Sources


  • https://thehackernews.com/2025/12/cisa-flags-actively-exploited-digiever.html

  • https://www.instagram.com/p/DSrfyxkD74n/

  • https://hackyourmom.com/en/novyny/cisa-poperedzhaye-pro-aktyvnu-ekspluatacziyu-krytychnoyi-vrazlyvosti-v-digiever-nvr-z-viddalenym-vykonannyam-kodu/

  • https://x.com/TheCyberSecHub/status/2004108907036434707

  • https://www.linkedin.com/posts/cyber-news-live_cisa-flags-actively-exploited-digiever-nvr-activity-7409938047191900160-cRsd

Recent Posts

See All
Defeating AI with AI

Key Findings Generative AI and agentic AI are increasingly used by threat actors to conduct faster and more targeted attacks. One capability that AI improves for threat actors is the ability to profil

 
 
 

Comments

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page