- CISA has added a vulnerability affecting Digiever DS-2105 Pro NVRs to its Known Exploited Vulnerabilities (KEV) catalog.
- The flaw, CVE-2023-52163 (CVSS 8.8), permits post-authentication command injection leading to remote code execution.
- Security firms including Akamai and Fortinet reported active exploitation to install botnets such as Mirai and ShadowV2.
- TXOne Research notes the device is end-of-life and the vulnerability remains unpatched; users should avoid internet exposure and change default credentials.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw affecting Digiever DS-2105 Pro network video recorders to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The issue is tracked as CVE-2023-52163 and carries a CVSS score of 8.8.
CISA described the problem as, “Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via time_tzsetup.cgi,” and noted that exploitation enables post-authentication remote code execution. Command injection is a flaw that allows attackers to run system commands on the device. Remote code execution (RCE) is the ability to run code on a device from another system.
Reports from security vendors including Akamai and Fortinet show threat actors exploited this bug to deploy botnets such as Mirai and ShadowV2. A second issue, CVE-2023-52164, is an arbitrary file read vulnerability with a CVSS score of 5.1 and also remains unpatched.
According to researcher Ta-Lun Yen at TXOne Research, the DS-2105 Pro has reached end-of-life (EoL), meaning the vendor no longer provides updates, which leaves the flaws unpatched. Successful attacks require valid device credentials and a crafted request.
In lieu of a vendor patch, users should avoid exposing the device to the internet and change default usernames and passwords. CISA urges Federal Civilian Executive Branch agencies to apply mitigations or discontinue use of the product by January 12, 2025.
