Digiever DS-2105 Pro active exploitation wave (CVE-2023-52163)
Exploitation Wave
Summary
Hide ▲
Show ▼
CVE-2023-52163 is being exploited at scale against Digiever DS-2105 Pro NVRs, with multiple reports linking abuse to Mirai and ShadowV2 botnet delivery. The flaw is a post-authentication command injection issue in `time_tzsetup.cgi` that can lead to remote code execution on exposed devices. Because the devices are end-of-life and remain unpatched, defenders are being pushed toward isolation, credential changes, and removal from internet exposure.
Related Happenings
FFmpeg 8.1.2 security update (CVE-2026-8461)
Security Patch Release
H score36
First: 23.06.2026 00:05
Last: 23.06.2026 00:05
Sources 1
About this happening:
**FFmpeg** shipped **version 8.1.2** to fix **CVE-2026-8461** in the **MagicYUV decoder**, closing a heap out-of-bounds write that could affect **FFmpeg-based applications**. The...
FFmpeg 8.1.2 security update (CVE-2026-8461)
Security Patch ReleaseAbout this happening: **FFmpeg** shipped **version 8.1.2** to fix **CVE-2026-8461** in the **MagicYUV decoder**, closing a heap out-of-bounds write that could affect **FFmpeg-based applications**. The...
Check Point Remote Access VPN and Mobile Access authentication bypass (CVE-2026-50751)
Vulnerability
H score47
First: 08.06.2026 16:05
Last: 08.06.2026 16:05
Sources 1
About this happening:
**Check Point** warned that **CVE-2026-50751** is a **critical authentication bypass** in **Remote Access VPN** and **Mobile Access** deployments using **deprecated IKEv1**, letti...
Check Point Remote Access VPN and Mobile Access authentication bypass (CVE-2026-50751)
VulnerabilityAbout this happening: **Check Point** warned that **CVE-2026-50751** is a **critical authentication bypass** in **Remote Access VPN** and **Mobile Access** deployments using **deprecated IKEv1**, letti...
DD-WRT router firmware buffer overflow remote code execution flaw (CVE-2021-27137)
Vulnerability
H score45
First: 07.06.2026 17:17
Last: 07.06.2026 17:17
Sources 1
About this happening:
**DD-WRT router firmware** is affected by **CVE-2021-27137**, a **buffer overflow** now being used by **C0XMO** to deliver malware and enable **unauthenticated remote code executi...
DD-WRT router firmware buffer overflow remote code execution flaw (CVE-2021-27137)
VulnerabilityAbout this happening: **DD-WRT router firmware** is affected by **CVE-2021-27137**, a **buffer overflow** now being used by **C0XMO** to deliver malware and enable **unauthenticated remote code executi...
Magento exploitation wave for CVE-2026-45247
Exploitation Wave
H score9
First: 04.06.2026 10:19
Last: 04.06.2026 10:19
Sources 1
About this happening:
Active exploitation of **CVE-2026-45247** is hitting **Mirasvit Cache Warmer** on **Magento** stores, with malicious requests carrying serialized PHP payloads that can lead to **r...
Magento exploitation wave for CVE-2026-45247
Exploitation WaveAbout this happening: Active exploitation of **CVE-2026-45247** is hitting **Mirasvit Cache Warmer** on **Magento** stores, with malicious requests carrying serialized PHP payloads that can lead to **r...
PAN-OS / Prisma Access GlobalProtect authentication bypass (CVE-2026-0257, actively exploited)
Vulnerability
H score19
First: 30.05.2026 09:41
Last: 30.05.2026 09:41
Sources 1
About this happening:
**PAN-OS** and **Prisma Access** are affected by **CVE-2026-0257**, an **authentication bypass** in the **GlobalProtect portal and gateway** that can let attackers establish an **...
PAN-OS / Prisma Access GlobalProtect authentication bypass (CVE-2026-0257, actively exploited)
VulnerabilityAbout this happening: **PAN-OS** and **Prisma Access** are affected by **CVE-2026-0257**, an **authentication bypass** in the **GlobalProtect portal and gateway** that can let attackers establish an **...
Timeline
-
25.12.2025 10:07 1 articles · 6mo ago
CISA sets January 12, 2025 mitigation deadline for FCEB agencies
Legal Policy Action UpdateCISA recommends Federal Civilian Executive Branch agencies apply mitigations or discontinue use of Digiever DS-2105 Pro devices by January 12, 2025; owners are also advised to avoid internet exposure and change default credentials because the device is end-of-life and CVE-2023-52163 and CVE-2023-52164 remain unpatched.
Show sources
- CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution — thehackernews.com — 25.12.2025 10:07
-
25.12.2025 10:07 2 articles · 6mo ago
CISA adds Digiever DS-2105 Pro vulnerabilities to KEV catalog
Initial DisclosureCISA adds CVE-2023-52163 on Digiever DS-2105 Pro network video recorders to the KEV catalog after evidence of active exploitation, with Akamai and Fortinet reporting threat actors used the flaw to deliver Mirai and ShadowV2 botnets; the vulnerability is a command-injection issue that can enable post-authentication remote code execution via time_tzsetup.cgi.
Show sources
- CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution — thehackernews.com — 25.12.2025 10:07
- CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution — thehackernews.com — 25.12.2025 10:07