A critical vulnerability affecting Digiever DS-2105 Pro network video recorders was added to the Known Exploited Vulnerabilities (KEV) catalog on December 22, 2025, following evidence of active exploitation in the wild.
CVE-2023-52163 is a missing authorization vulnerability in Digiever DS-2105 Pro devices. That enables attackers to execute unauthorized commands through the time_tzsetup—cgi interface.
| Attribute | Details |
|---|---|
| CVE ID | CVE-2023-52163 |
| Vulnerability Type | Missing Authorization / Command Injection |
| Affected Product | Digiever DS-2105 Pro Network Video Recorder |
| CWE Classification | CWE-862 (Missing Authorization) |
| Attack Vector | Network |
The flaw, classified under CWE-862 (Missing Authorization), allows threat actors to bypass authentication mechanisms and inject malicious commands into vulnerable systems.
Digiever manufactures network video recording solutions widely deployed across enterprises, government facilities, and critical infrastructure environments.
The DS-2105 Pro model serves as a network video recorder, managing security camera feeds and video storage.
CISA’s inclusion of this vulnerability in the KEV catalog confirms active exploitation by malicious actors, though specific attack campaigns remain undisclosed.
The command injection capability presents significant risks, potentially allowing attackers to compromise surveillance systems, manipulate video feeds, establish persistent access, or pivot into broader network environments.
Whether this vulnerability has been leveraged in ransomware campaigns remains unknown at this time.
Federal Civilian Executive Branch (FCEB) agencies must remediate CVE-2023-52163 by January 12, 2026, in accordance with Binding Operational Directive(BOD 22-01).
Organizations should immediately apply security patches and mitigations provided by Digiever.
Implement network segmentation to isolate vulnerable devices, and follow applicable guidance for cloud-connected services.
Entities unable to obtain vendor patches should discontinue use of affected products until adequate mitigations become available.
All organizations operating Digiever DS-2105 Pro systems should prioritize this vulnerability for immediate remediation, given the confirmed active exploitation.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
