Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Digiever DS-2105 Pro active exploitation wave (CVE-2023-52163)

Exploitation Wave
First reported
Last updated
Happening score
H score 52
1 unique sources, 1 articles

Summary

Hide ▲

CVE-2023-52163 is being exploited at scale against Digiever DS-2105 Pro NVRs, with multiple reports linking abuse to Mirai and ShadowV2 botnet delivery. The flaw is a post-authentication command injection issue in `time_tzsetup.cgi` that can lead to remote code execution on exposed devices. Because the devices are end-of-life and remain unpatched, defenders are being pushed toward isolation, credential changes, and removal from internet exposure.

Related Happenings

Universal Robots PolyScope 5 Dashboard Server command injection (CVE-2026-8153)

Vulnerability
First: 20.05.2026 19:12 Last: 20.05.2026 19:12 Sources 1

About this happening: **CVE-2026-8153** patches a **critical command injection** flaw in **Universal Robots PolyScope 5 Dashboard Server** that could let an **unauthenticated attacker** execute command...

Open Happening

ChromaDB Python API exposure mitigation (CVE-2026-45829)

Advisory/Mitigation
First: 20.05.2026 01:25 Last: 20.05.2026 01:25 Sources 1

About this happening: **HiddenLayer** urged **ChromaDB** users to harden exposed deployments because **CVE-2026-45829** can still enable code execution on the **Python FastAPI** server. Until patch sta...

Open Happening

Mirai-based CVE-2025-29635 D-Link DIR-823X botnet-enlistment campaign

Campaign
First: 22.04.2026 23:04 Last: 22.04.2026 23:04 Sources 1

About this happening: The **Mirai-based malware campaign** is **actively exploiting CVE-2025-29635** against **D-Link DIR-823X routers**, turning vulnerable devices into botnet nodes. The activity matt...

Open Happening

D-Link DIR-823X command-injection RCE (CVE-2025-29635)

Vulnerability
First: 22.04.2026 23:04 Last: 22.04.2026 23:04 Sources 1

About this happening: **CVE-2025-29635** is now being **actively exploited** on **D-Link DIR-823X routers**, turning a command-injection flaw into **remote command execution** and **botnet enrollment**...

Open Happening

TBK DVR command injection flaw actively exploited (CVE-2024-3721)

Vulnerability
First: 20.04.2026 16:01 Last: 20.04.2026 16:01 Sources 1

About this happening: The **CVE-2024-3721** command injection flaw in **TBK DVR systems** is being actively exploited to gain access and install **Nexcorium** malware. Attackers abuse **crafted request...

Open Happening

Timeline

  1. 25.12.2025 10:07 1 articles · 5mo ago

    CISA sets January 12, 2025 mitigation deadline for FCEB agencies

    Legal Policy Action Update

    CISA recommends Federal Civilian Executive Branch agencies apply mitigations or discontinue use of Digiever DS-2105 Pro devices by January 12, 2025; owners are also advised to avoid internet exposure and change default credentials because the device is end-of-life and CVE-2023-52163 and CVE-2023-52164 remain unpatched.

    Show sources
    Open in new tab
  2. 25.12.2025 10:07 2 articles · 5mo ago

    CISA adds Digiever DS-2105 Pro vulnerabilities to KEV catalog

    Initial Disclosure

    CISA adds CVE-2023-52163 on Digiever DS-2105 Pro network video recorders to the KEV catalog after evidence of active exploitation, with Akamai and Fortinet reporting threat actors used the flaw to deliver Mirai and ShadowV2 botnets; the vulnerability is a command-injection issue that can enable post-authentication remote code execution via time_tzsetup.cgi.

    Show sources
    Open in new tab