CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution

Vulnerability / Endpoint Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The vulnerability, tracked as CVE-2023-52163 (CVSS score: 8.8), relates to a case of command injection that allows post-authentication remote code execution.

“Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via time_tzsetup.cgi,” CISA said.

The addition of CVE-2023-52163 to the KEV catalog comes in the multiple reports from Akamai and Fortinet about the exploitation of the flaw by threat actors to deliver botnets like Mirai and ShadowV2.

According to TXOne Research security researcher Ta-Lun Yen, the vulnerability, alongside an arbitrary file read bug (CVE-2023-52164, CVSS score: 5.1), remains unpatched due to the device reaching end-of-life (EoL) status.

Successful exploitation requires an attacker to be logged into the device and perform a crafted request. In the absence of a patch, it’s advised that users avoid exposing the device to the internet and change the default username and password.

CISA is also recommending that Federal Civilian Executive Branch (FCEB) agencies apply the necessary mitigations or discontinue use of the product by January 12, 2025, to secure their network from active threats.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.