Digiever DS-2105 Pro actively exploited command injection RCE (CVE-2023-52163)
Vulnerability
Summary
Hide ▲
Show ▼
Digiever DS-2105 Pro NVRs are exposed to CVE-2023-52163, a post-authentication command injection flaw that can lead to remote code execution and has been actively exploited. CISA added the vulnerability to the KEV catalog, underscoring real-world risk for organizations still running the affected devices. The flaw remains unpatched because the product is end-of-life, so exposure reduction and access restrictions are the main defenses.
Related Happenings
Magento exploitation wave for CVE-2026-45247
Exploitation Wave
H score9
First: 04.06.2026 10:19
Last: 04.06.2026 10:19
Sources 1
About this happening:
Active exploitation of **CVE-2026-45247** is hitting **Mirasvit Cache Warmer** on **Magento** stores, with malicious requests carrying serialized PHP payloads that can lead to **r...
Magento exploitation wave for CVE-2026-45247
Exploitation WaveAbout this happening: Active exploitation of **CVE-2026-45247** is hitting **Mirasvit Cache Warmer** on **Magento** stores, with malicious requests carrying serialized PHP payloads that can lead to **r...
CISA KEV remediation for Android and Linux vulnerabilities
Advisory/Mitigation
H score57
First: 03.06.2026 18:36
Last: 03.06.2026 18:36
Sources 1
About this happening:
CISA’s **KEV** update forced **federal agencies** to remediate **CVE-2025-48595** and **CVE-2022-0492** in **Android** and the **Linux kernel** before the **June 5** deadline, or...
CISA KEV remediation for Android and Linux vulnerabilities
Advisory/MitigationAbout this happening: CISA’s **KEV** update forced **federal agencies** to remediate **CVE-2025-48595** and **CVE-2022-0492** in **Android** and the **Linux kernel** before the **June 5** deadline, or...
PAN-OS GlobalProtect CVE-2026-0257 exploitation wave
Exploitation Wave
H score18
First: 01.06.2026 11:30
Last: 01.06.2026 11:30
Sources 1
About this happening:
A **CVE-2026-0257** exploitation wave is hitting **Palo Alto Networks PAN-OS GlobalProtect** appliances, creating **unauthorized VPN access** risk for **multiple customers**. **Ra...
PAN-OS GlobalProtect CVE-2026-0257 exploitation wave
Exploitation WaveAbout this happening: A **CVE-2026-0257** exploitation wave is hitting **Palo Alto Networks PAN-OS GlobalProtect** appliances, creating **unauthorized VPN access** risk for **multiple customers**. **Ra...
ChromaDB Python API exposure mitigation (CVE-2026-45829)
Advisory/Mitigation
H score25
First: 20.05.2026 01:25
Last: 20.05.2026 01:25
Sources 1
About this happening:
**HiddenLayer** urged **ChromaDB** users to harden exposed deployments because **CVE-2026-45829** can still enable code execution on the **Python FastAPI** server. Until patch sta...
ChromaDB Python API exposure mitigation (CVE-2026-45829)
Advisory/MitigationAbout this happening: **HiddenLayer** urged **ChromaDB** users to harden exposed deployments because **CVE-2026-45829** can still enable code execution on the **Python FastAPI** server. Until patch sta...
CISA KEV order for CVE-2026-3055 on Citrix appliances
Public Sector Action
H score34
First: 31.03.2026 10:05
Last: 31.03.2026 10:05
Sources 1
About this happening:
CISA added **CVE-2026-3055** to the **KEV Catalog** and ordered **FCEB agencies** to secure **Citrix NetScaler** appliances by **Thursday, April 2**, turning an **actively exploit...
CISA KEV order for CVE-2026-3055 on Citrix appliances
Public Sector ActionAbout this happening: CISA added **CVE-2026-3055** to the **KEV Catalog** and ordered **FCEB agencies** to secure **Citrix NetScaler** appliances by **Thursday, April 2**, turning an **actively exploit...
Timeline
-
25.12.2025 10:07 2 articles · 6mo ago
CISA adds actively exploited Digiever DS-2105 Pro flaw to KEV catalog
Initial DisclosureCISA added CVE-2023-52163 affecting Digiever DS-2105 Pro network video recorders to the Known Exploited Vulnerabilities catalog after evidence of active exploitation. The flaw is a missing authorization issue in time_tzsetup.cgi that can enable command injection and post-authentication remote code execution, and reports from Akamai and Fortinet said threat actors used it to deliver Mirai and ShadowV2. TXOne Research said the related CVE-2023-52164 file-read flaw also remains unpatched because the device is end-of-life, and CISA advised avoiding internet exposure, changing default credentials, and for Federal Civilian Executive Branch agencies applying mitigations or discontinuing use by January 12, 2025.
Show sources
- CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution — thehackernews.com — 25.12.2025 10:07
- CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution — thehackernews.com — 25.12.2025 10:07