Digiever DS-2105 Pro actively exploited command injection RCE (CVE-2023-52163)
Vulnerability
Summary
Hide ▲
Show ▼
Digiever DS-2105 Pro NVRs are exposed to CVE-2023-52163, a post-authentication command injection flaw that can lead to remote code execution and has been actively exploited. CISA added the vulnerability to the KEV catalog, underscoring real-world risk for organizations still running the affected devices. The flaw remains unpatched because the product is end-of-life, so exposure reduction and access restrictions are the main defenses.
Related Happenings
ChromaDB Python API exposure mitigation (CVE-2026-45829)
Advisory/Mitigation
First: 20.05.2026 01:25
Last: 20.05.2026 01:25
Sources 1
About this happening:
**HiddenLayer** urged **ChromaDB** users to harden exposed deployments because **CVE-2026-45829** can still enable code execution on the **Python FastAPI** server. Until patch sta...
ChromaDB Python API exposure mitigation (CVE-2026-45829)
Advisory/MitigationAbout this happening: **HiddenLayer** urged **ChromaDB** users to harden exposed deployments because **CVE-2026-45829** can still enable code execution on the **Python FastAPI** server. Until patch sta...
CISA KEV order for CVE-2026-3055 on Citrix appliances
Public Sector Action
First: 31.03.2026 10:05
Last: 31.03.2026 10:05
Sources 1
About this happening:
CISA added **CVE-2026-3055** to the **KEV Catalog** and ordered **FCEB agencies** to secure **Citrix NetScaler** appliances by **Thursday, April 2**, turning an **actively exploit...
CISA KEV order for CVE-2026-3055 on Citrix appliances
Public Sector ActionAbout this happening: CISA added **CVE-2026-3055** to the **KEV Catalog** and ordered **FCEB agencies** to secure **Citrix NetScaler** appliances by **Thursday, April 2**, turning an **actively exploit...
CISA KEV multi-product active exploitation wave (CVE-2020-7796)
Exploitation Wave
First: 18.02.2026 08:52
Last: 18.02.2026 08:52
Sources 1
About this happening:
**CISA** expanded its **KEV catalog** with **four actively exploited flaws**, signaling a live exploitation wave across **Chrome, TeamT5 ThreatSonar, Zimbra, and Windows Video Act...
CISA KEV multi-product active exploitation wave (CVE-2020-7796)
Exploitation WaveAbout this happening: **CISA** expanded its **KEV catalog** with **four actively exploited flaws**, signaling a live exploitation wave across **Chrome, TeamT5 ThreatSonar, Zimbra, and Windows Video Act...
BeyondTrust Remote Support and Privileged Remote Access CVE-2026-1731 active exploitation wave
Exploitation Wave
First: 12.02.2026 23:34
Last: 12.02.2026 23:34
Sources 1
About this happening:
**CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access** is now seeing **first in-the-wild exploitation**, putting exposed appliances at risk of remote...
BeyondTrust Remote Support and Privileged Remote Access CVE-2026-1731 active exploitation wave
Exploitation WaveAbout this happening: **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access** is now seeing **first in-the-wild exploitation**, putting exposed appliances at risk of remote...
Digiever DS-2105 Pro active exploitation wave (CVE-2023-52163)
Exploitation Wave
First: 25.12.2025 10:07
Last: 25.12.2025 10:07
Sources 1
How related:
"The addition of CVE-2023-52163 to the KEV catalog comes in the multiple reports from Akamai and Fortinet about the exploitation of the flaw by threat actors to deliver botnets like Mirai and ShadowV2."
About this happening:
**CVE-2023-52163** is being exploited at scale against **Digiever DS-2105 Pro NVRs**, with multiple reports linking abuse to **Mirai** and **ShadowV2** botnet delivery. The flaw i...
Digiever DS-2105 Pro active exploitation wave (CVE-2023-52163)
Exploitation WaveHow related: "The addition of CVE-2023-52163 to the KEV catalog comes in the multiple reports from Akamai and Fortinet about the exploitation of the flaw by threat actors to deliver botnets like Mirai and ShadowV2."
About this happening: **CVE-2023-52163** is being exploited at scale against **Digiever DS-2105 Pro NVRs**, with multiple reports linking abuse to **Mirai** and **ShadowV2** botnet delivery. The flaw i...
Timeline
-
25.12.2025 10:07 2 articles · 5mo ago
CISA adds actively exploited Digiever DS-2105 Pro flaw to KEV catalog
Initial DisclosureCISA added CVE-2023-52163 affecting Digiever DS-2105 Pro network video recorders to the Known Exploited Vulnerabilities catalog after evidence of active exploitation. The flaw is a missing authorization issue in time_tzsetup.cgi that can enable command injection and post-authentication remote code execution, and reports from Akamai and Fortinet said threat actors used it to deliver Mirai and ShadowV2. TXOne Research said the related CVE-2023-52164 file-read flaw also remains unpatched because the device is end-of-life, and CISA advised avoiding internet exposure, changing default credentials, and for Federal Civilian Executive Branch agencies applying mitigations or discontinuing use by January 12, 2025.
Show sources
- CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution — thehackernews.com — 25.12.2025 10:07
- CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution — thehackernews.com — 25.12.2025 10:07