AI description
CVE-2023-52163 is a missing authorization vulnerability affecting DigiEver DS-2105 Pro devices. It allows attackers to execute unauthorized commands through the `time_tzsetup.cgi` interface due to improper access controls. This command injection vulnerability enables remote attackers to inject malicious commands without proper authentication. The vulnerability stems from a failure in the system's ability to verify user permissions. Successful exploitation could allow attackers to manipulate security footage, disable surveillance capabilities, or pivot deeper into enterprise networks. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild.
- Description
- Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- CNA Tags
- unsupported-when-assigned
- Products
- ds-2105_pro_firmware, ds-2105_pro\+_firmware
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Digiever DS-2105 Pro Missing Authorization Vulnerability
- Exploit added on
- Dec 22, 2025
- Exploit action due
- Jan 12, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-862
- Hype score
- Not currently trending
🚨 CVE-2023-52163 - high 🚨 Digiever DS-2105 Pro - Command Injection > Digiever DS-2105 Pro 3.1.0.71-11 contains a command injection caused by unsanitized i... 👾 https://t.co/SS6VSTGg96 @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
14 Jan 2026
122 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA has added CVE-2023-52163 to its Known Exploited Vulnerabilities catalog, highlighting a critical security flaw in Digiever DS-2105 Pro devices. The vulnerability stems from a missing authorization check in the timetzsetup.cgi component, which could enable attackers to
@ox0ffff
3 Jan 2026
131 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Digiever DS-2105 Pro NVR [—] Dec 29, 2025 Security Advisory: Command Injection Vulnerability (CVE-2023-52163) and Risk Mitigation Guidance Checkout our Threat Intelligence Platform: https://t.co/QuwNtEhw6z https://t.co/QuwNtEhw6z #CyberSecurity https://t.co/rH7Yr7sXwx
@transilienceai
29 Dec 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added a Digiever NVR bug to its exploited list after confirmed attacks. CVE-2023-52163 allows remote code execution through command injection once logged in. Researchers link it to Mirai and ShadowV2 botnets. The device is end-of-life and unpatched. https://t.co/3NYAPPnwqj
@JacksonA55750
27 Dec 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-52163#How a 1-Line Exploit Lets the Mirai Botnet Watch Your Security Cameras in Real-Time Read the full report on - https://t.co/b8fU9kNbSZ https://t.co/Q4tPjyvKTU
@cyberbivash
27 Dec 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA just added a critical vulnerability to its catalog that’s actively exploited. If you're not patching CVE-2023-52163, you're inviting disaster. #CyberSecurity #Infosec #AIRisk https://t.co/8MbKldb9Kv
@ai_tldr1
26 Dec 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Falha crítica em gravadores Digiever DS-2105 Pro permite execução remota:CISA alerta para vulnerabilidade CVE-2023-52163 que possibilita injeção de comandos após autenticação, usada em ataques com botnets Mirai e ShadowV2; dispositivo está sem patch por fim de suporte. h
@caveiratech
26 Dec 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA Adds Digiever NVR RCE to KEV as Mirai/ShadowV2 Botnets Exploit EoL Devices CISA added CVE-2023-52163 (CVSS 8.8) affecting Digiever DS-2105 Pro NVRs to the KEV list after active exploitation, where a post-auth command injection via time_tzsetup.cgi enables remote code
@ThreatSynop
25 Dec 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 أضافت وكالة الأمن السيبراني والبنية التحتية الأمريكية (CISA) ثغرة أمنية في مسجلات الفيديو الشبكية من نوع Digiever إلى قائمة الثغرات المستغلة، مشيرة إلى وجود
@Cybercachear
25 Dec 2025
124 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added a Digiever NVR bug to its exploited list after confirmed attacks. CVE-2023-52163 allows remote code execution through command injection once logged in. Researchers link it to Mirai and ShadowV2 botnets. The device is end-of-life and unpatched. 🔗 Read → https://
@TheHackersNews
25 Dec 2025
9144 Impressions
10 Retweets
35 Likes
4 Bookmarks
0 Replies
0 Quotes
🚨 CISA Flags Actively Exploited Digiever DS-2105 Pro Flaw (CVE-2023-52163) in KEV CISA added CVE-2023-52163 (CVSS 8.8) to its Known Exploited Vulnerabilities catalog after active exploitation of a command injection bug in the `time_tzsetup.cgi` endpoint on Digiever DS-2105 Pro
@ThreatSynop
24 Dec 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA Flags Digiever NVR Flaw as Exploited Vulnerability CISA added a Digiever DS-2105 Pro flaw, CVE-2023-52163 (CVSS 8.8), to its Known Exploited Vulnerabilities catalog. The NVR device is vulnerable to remote exploits, emphasizing the need for immediate patching and mitigation
@Secwiserapp
23 Dec 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国CISAが悪用を確認した脆弱性 #KEV をカタログに追加しました。(12/22追加) 🛡️No.1485 CVE-2023-52163 Digiever DS-2105 Pro Missing Authorization Vulnerability ============= CVSSスコア: 8.8 (Base) / CISA-ADP CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/
@piyokango
23 Dec 2025
3979 Impressions
2 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-52163 Exploited: Hackers Bypass Auth to Gain Full Control of Digiever NVR Systems Read the full report on - https://t.co/QvRUynMqs0 https://t.co/QZSUong47K
@cyberbivash
23 Dec 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2023-52163 impacts Digiever DS-2105 Pro (3.1.0.71-11): missing authorization enabling command injection via time_tzsetup.cgi. Treat exposed NVR/DVR management interfaces as high risk and isolate/segment immediately. https://t.co/1iz368ERnI
@BOMvault
22 Dec 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Digiever DS-2105 Pro missing authorization vulnerability CVE-2023-52163 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/Yb2jmZrRf4
@CISACyber
22 Dec 2025
4666 Impressions
9 Retweets
29 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2023-52163 Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the … https://t.co/kKm5M9YaaB
@CVEnew
3 Feb 2025
199 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digiever:ds-2105_pro_firmware:3.1.0.71-11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0E34BBAA-9BA1-426D-B25A-F718B9F65D4C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digiever:ds-2105_pro:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0C110DB3-9915-4DB4-933D-2EA222841CA1"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:digiever:ds-2105_pro\\+_firmware:3.1.0.71-11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD8A7902-3D5A-4446-9243-0119C3BB32D5"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:digiever:ds-2105_pro\\+:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2352C8C4-144E-4B9D-B9DF-A7B7B2B7FFEB"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]