loader image
Dim server room: cracked NVR spilling green binary, hooded figure at CCTV monitors - CISA Digiever flaw warning.
CISA Adds Digiever DS-2105 Flaw to Exploited List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities catalog as CISA adds a Digiever flaw tied to a command injection bug in the DS-2105 Pro network video recorder. The vulnerability, tracked as CVE-2023-52163 with a CVSS score of 8.8, affects devices running firmware version 3.1.0.71-11.

DS-2105 Pro operates as a Linux-based standalone system widely used for IP camera surveillance. The issue stems from the time_tzsetup.cgi script, which improperly sanitizes user input. Attackers could exploit this weakness by sending specially crafted HTTP requests, leading to remote code execution with system-level privileges.

Digiever no longer supports these end-of-life devices, leaving them exposed without available security patches. CISA has mandated all Federal Civilian Executive Branch agencies address this flaw by Jan. 12, 2026, under Binding Operational Directive 22-01. Industry professionals are also urged to review the full catalog, as CISA adds the Digiever flaw alongside other actively exploited threats.

U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog

Write a Reply or Comment

Your email address will not be published. Required fields are marked *