- Description
- Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- CNA Tags
- unsupported-when-assigned
- Products
- ds-2105_pro_firmware, ds-2105_pro\+_firmware
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Digiever DS-2105 Pro Missing Authorization Vulnerability
- Exploit added on
- Dec 22, 2025
- Exploit action due
- Jan 12, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-862
- Hype score
- Not currently trending
🚨 CVE-2023-52163 - high 🚨 Digiever DS-2105 Pro - Command Injection > Digiever DS-2105 Pro 3.1.0.71-11 contains a command injection caused by unsanitized i... 👾 https://t.co/SS6VSTGg96 @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
14 Jan 2026
122 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has added CVE-2023-52163 to its Known Exploited Vulnerabilities catalog, highlighting a critical security flaw in Digiever DS-2105 Pro devices. The vulnerability stems from a missing authorization check in the timetzsetup.cgi component, which could enable attackers to
@ox0ffff
3 Jan 2026
131 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Digiever DS-2105 Pro NVR [—] Dec 29, 2025 Security Advisory: Command Injection Vulnerability (CVE-2023-52163) and Risk Mitigation Guidance Checkout our Threat Intelligence Platform: https://t.co/QuwNtEhw6z https://t.co/QuwNtEhw6z #CyberSecurity https://t.co/rH7Yr7sXwx
@transilienceai
29 Dec 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added a Digiever NVR bug to its exploited list after confirmed attacks. CVE-2023-52163 allows remote code execution through command injection once logged in. Researchers link it to Mirai and ShadowV2 botnets. The device is end-of-life and unpatched. https://t.co/3NYAPPnwqj
@JacksonA55750
27 Dec 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-52163#How a 1-Line Exploit Lets the Mirai Botnet Watch Your Security Cameras in Real-Time Read the full report on - https://t.co/b8fU9kNbSZ https://t.co/Q4tPjyvKTU
@cyberbivash
27 Dec 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA just added a critical vulnerability to its catalog that’s actively exploited. If you're not patching CVE-2023-52163, you're inviting disaster. #CyberSecurity #Infosec #AIRisk https://t.co/8MbKldb9Kv
@ai_tldr1
26 Dec 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Falha crítica em gravadores Digiever DS-2105 Pro permite execução remota:CISA alerta para vulnerabilidade CVE-2023-52163 que possibilita injeção de comandos após autenticação, usada em ataques com botnets Mirai e ShadowV2; dispositivo está sem patch por fim de suporte. h
@caveiratech
26 Dec 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Adds Digiever NVR RCE to KEV as Mirai/ShadowV2 Botnets Exploit EoL Devices CISA added CVE-2023-52163 (CVSS 8.8) affecting Digiever DS-2105 Pro NVRs to the KEV list after active exploitation, where a post-auth command injection via time_tzsetup.cgi enables remote code
@ThreatSynop
25 Dec 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 أضافت وكالة الأمن السيبراني والبنية التحتية الأمريكية (CISA) ثغرة أمنية في مسجلات الفيديو الشبكية من نوع Digiever إلى قائمة الثغرات المستغلة، مشيرة إلى وجود
@Cybercachear
25 Dec 2025
124 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added a Digiever NVR bug to its exploited list after confirmed attacks. CVE-2023-52163 allows remote code execution through command injection once logged in. Researchers link it to Mirai and ShadowV2 botnets. The device is end-of-life and unpatched. 🔗 Read → https://
@TheHackersNews
25 Dec 2025
9144 Impressions
10 Retweets
35 Likes
4 Bookmarks
0 Replies
0 Quotes
🚨 CISA Flags Actively Exploited Digiever DS-2105 Pro Flaw (CVE-2023-52163) in KEV CISA added CVE-2023-52163 (CVSS 8.8) to its Known Exploited Vulnerabilities catalog after active exploitation of a command injection bug in the `time_tzsetup.cgi` endpoint on Digiever DS-2105 Pro
@ThreatSynop
24 Dec 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Flags Digiever NVR Flaw as Exploited Vulnerability CISA added a Digiever DS-2105 Pro flaw, CVE-2023-52163 (CVSS 8.8), to its Known Exploited Vulnerabilities catalog. The NVR device is vulnerable to remote exploits, emphasizing the need for immediate patching and mitigation
@Secwiserapp
23 Dec 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国CISAが悪用を確認した脆弱性 #KEV をカタログに追加しました。(12/22追加) 🛡️No.1485 CVE-2023-52163 Digiever DS-2105 Pro Missing Authorization Vulnerability ============= CVSSスコア: 8.8 (Base) / CISA-ADP CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/
@piyokango
23 Dec 2025
3979 Impressions
2 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-52163 Exploited: Hackers Bypass Auth to Gain Full Control of Digiever NVR Systems Read the full report on - https://t.co/QvRUynMqs0 https://t.co/QZSUong47K
@cyberbivash
23 Dec 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-52163 impacts Digiever DS-2105 Pro (3.1.0.71-11): missing authorization enabling command injection via time_tzsetup.cgi. Treat exposed NVR/DVR management interfaces as high risk and isolate/segment immediately. https://t.co/1iz368ERnI
@BOMvault
22 Dec 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Digiever DS-2105 Pro missing authorization vulnerability CVE-2023-52163 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/Yb2jmZrRf4
@CISACyber
22 Dec 2025
4666 Impressions
9 Retweets
29 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2023-52163 Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the … https://t.co/kKm5M9YaaB
@CVEnew
3 Feb 2025
199 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digiever:ds-2105_pro_firmware:3.1.0.71-11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E34BBAA-9BA1-426D-B25A-F718B9F65D4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digiever:ds-2105_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C110DB3-9915-4DB4-933D-2EA222841CA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digiever:ds-2105_pro\\+_firmware:3.1.0.71-11:*:*:*:*:*:*:*",
"matchCriteriaId": "BD8A7902-3D5A-4446-9243-0119C3BB32D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digiever:ds-2105_pro\\+:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2352C8C4-144E-4B9D-B9DF-A7B7B2B7FFEB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]