A critical vulnerability affecting Digiever DS-2105 Pro network video recorders was added to the Known Exploited Vulnerabilities (KEV) catalog on December 22, 2025, following evidence of active exploitation in the wild.
CVE-2023-52163 is a missing authorization vulnerability in Digiever DS-2105 Pro devices that allows attackers to execute unauthorized commands via the time_tzsetup.cgi interface.
| Attribute | Details |
| --- | --- |
| CVE ID | CVE-2023-52163 |
| Vulnerability Type | Missing Authorization / Command Injection |
| Affected Product | Digiever DS-2105 Pro Network Video Recorder |
| CWE Classification | CWE-862 (Missing Authorization) |
| Attack Vector | Network |
The flaw, categorized under CWE-862 (Missing Authorization), allows threat actors to bypass authentication mechanisms and inject malicious commands into vulnerable systems.
Digiever manufactures network video recording solutions widely deployed across enterprises, government facilities, and critical infrastructure environments.
The DS-2105 Pro model serves as a network video recorder, managing security camera feeds and video storage.
CISA's inclusion of this vulnerability in the KEV catalog confirms active exploitation by malicious actors, though specific attack campaigns remain undisclosed.
The command injection capability presents significant risks, potentially allowing attackers to compromise surveillance systems, manipulate video feeds, establish persistent access, or pivot into broader network environments.
Whether this vulnerability has been leveraged in ransomware campaigns remains unknown at this time.
Federal Civilian Executive Branch (FCEB) agencies must remediate CVE-2023-52163 by January 12, 2026, in accordance with Binding Operational Directive (BOD) 22-01.
Organizations should immediately apply security patches and mitigations provided by Digiever.
Implement network segmentation to isolate vulnerable devices, and follow applicable guidance for cloud-connected services.
Entities unable to obtain vendor patches should discontinue use of affected products until adequate mitigations become available.
All organizations operating Digiever DS-2105 Pro systems should prioritize this vulnerability for immediate remediation, given the confirmed active exploitation.
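To check that the segmentation recommended above actually holds, the following added example (not code from Digiever or CISA) triages access logs from a reverse proxy or firewall placed in front of the recorder. The management subnet, the combined log format, the URL paths and the log lines are all constructed assumptions; only the interface name time_tzsetup.cgi comes from the advisory.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumptions, not from the advisory: subnet, log format, URL paths, log lines.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
INTERFACE = "time_tzsetup.cgi"  # interface named for CVE-2023-52163
LINE_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"[A-Z]+ (?P<url>\S+) [^"]*" (?P<status>\d{3}) ')

SAMPLE_LOG = """\
10.20.0.15 - admin [22/Dec/2025:09:14:02 +0000] "GET /index.html HTTP/1.1" 200 5120
10.20.0.15 - admin [22/Dec/2025:09:15:40 +0000] "POST /cgi-bin/time_tzsetup.cgi HTTP/1.1" 200 312
198.51.100.7 - - [22/Dec/2025:11:02:19 +0000] "POST /cgi-bin/time_tzsetup.cgi HTTP/1.1" 200 298
198.51.100.7 - - [22/Dec/2025:11:02:25 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.44 - - [22/Dec/2025:12:40:51 +0000] "GET /cgi-bin/TIME%5Ftzsetup.cgi HTTP/1.1" 401 0
not a log line
"""

def in_mgmt(src):
    """True if src is an address inside an allowed management subnet."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source is treated as outside the segment
    return any(addr in net for net in MGMT_NETS)

def triage(log_text):
    """Count, per source outside the management subnet, all requests, requests
    naming the interface, and those answered with a 2xx status."""
    found = defaultdict(lambda: {"requests": 0, "interface": 0, "interface_2xx": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or in_mgmt(m["src"]):
            continue
        f = found[m["src"]]
        f["requests"] += 1
        if INTERFACE in unquote(m["url"]).lower():  # decode %xx, ignore case
            f["interface"] += 1
            f["interface_2xx"] += m["status"].startswith("2")
    return dict(found)

def priority(f):
    """high: interface request succeeded; medium: attempted; low: other traffic."""
    return "high" if f["interface_2xx"] else "medium" if f["interface"] else "low"

if __name__ == "__main__":
    for src, f in triage(SAMPLE_LOG).items():
        print(priority(f), src, f)
```

An access log records only the request line, so a request that names the interface solely in its body is not counted under "interface"; the per-source "requests" count still shows any host outside the management subnet reaching the recorder at all.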
