CISA Adds Actively Exploited Digiever NVR Vulnerability to KEV Catalog

First reported

25.12.2025 10:07

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation. The flaw, tracked as CVE-2023-52163, allows post-authentication remote code execution via command injection. The vulnerability remains unpatched as the device has reached end-of-life (EoL) status. Threat actors are exploiting this flaw to deliver botnets like Mirai and ShadowV2. CISA recommends mitigations or discontinuation of the product by January 12, 2025.

Timeline

25.12.2025 10:07 1 articles · 23h ago

CISA Adds Actively Exploited Digiever NVR Vulnerability to KEV Catalog
CISA has added CVE-2023-52163, a critical vulnerability in Digiever DS-2105 Pro NVRs, to its KEV catalog due to active exploitation. The flaw allows post-authentication remote code execution and is being used to deliver botnets like Mirai and ShadowV2. The device's EoL status leaves it unpatched, prompting CISA to recommend mitigations or discontinuation by January 12, 2025.
Show sources

CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution — thehackernews.com — 25.12.2025 10:07
Open in new tab

Information Snippets

CVE-2023-52163 is a command injection vulnerability with a CVSS score of 8.8, allowing post-authentication remote code execution.
First reported: 25.12.2025 10:07

1 source, 1 article
Show sources
- CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution — thehackernews.com — 25.12.2025 10:07
The vulnerability is being actively exploited to deliver botnets such as Mirai and ShadowV2.
First reported: 25.12.2025 10:07

1 source, 1 article
Show sources
- CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution — thehackernews.com — 25.12.2025 10:07
The Digiever DS-2105 Pro device has reached end-of-life (EoL) status, leaving the vulnerability unpatched.
First reported: 25.12.2025 10:07

1 source, 1 article
Show sources
- CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution — thehackernews.com — 25.12.2025 10:07
CISA advises Federal Civilian Executive Branch (FCEB) agencies to apply mitigations or discontinue use of the product by January 12, 2025.
First reported: 25.12.2025 10:07

1 source, 1 article
Show sources
- CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution — thehackernews.com — 25.12.2025 10:07