
The flaw, tracked as CVE-2023-52163 with a CVSS score of 8.8, is a missing authorization issue that enables command injection and post-authentication remote code execution via the time_tzsetup.cgi endpoint.
According to CISA, threat actors are actively exploiting the vulnerability to deploy botnets such as Mirai and ShadowV2. Independent reports from Akamai and Fortinet corroborate ongoing attacks leveraging this weakness.

The risk is compounded by the fact that Digiever DS-2105 Pro devices have reached end-of-life (EoL) status and no longer receive security updates. A related issue, CVE-2023-52164, which allows arbitrary file read access, also remains unpatched.
CISA advises organizations to avoid exposing affected devices to the internet, change default credentials, or discontinue use entirely. U.S. federal agencies have been given a deadline of January 12, 2025, to apply mitigations or remove the vulnerable products from their environments.
Network video recorders and other IoT devices are frequent targets due to outdated software, weak access controls, and limited lifecycle support. Once compromised, such systems are often repurposed for botnets, DDoS campaigns, or as entry points into larger enterprise networks.
The Digiever case highlights a persistent cybersecurity risk: unsupported and unpatched IoT devices remain a prime attack surface for cybercriminals. Without vendor updates, mitigation and decommissioning are often the only viable defense.
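The following is an added example, not part of the original article or of CISA's advisory: one way to check reverse-proxy or web access logs for requests that name the time_tzsetup.cgi endpoint and to separate internal from external sources. The Combined Log Format, the sample lines, the placeholder path and the internal address ranges are assumptions; requests that carry the endpoint name only in the request body will not appear without body-level logging.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote

ENDPOINT = "time_tzsetup.cgi"  # endpoint named in the article
INTERNAL = [ipaddress.ip_network(n) for n in  # assumption: RFC 1918 + loopback
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})')
# Constructed sample lines: documentation IPs, placeholder path, made-up times.
SAMPLE_LOG = """\
192.168.10.25 - admin [01/Jan/2025:09:14:02 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.77 - - [01/Jan/2025:09:15:40 +0000] "POST /placeholder/time_tzsetup.cgi HTTP/1.1" 200 312
203.0.113.77 - - [01/Jan/2025:09:15:44 +0000] "POST /placeholder/time_tzsetup.cgi HTTP/1.1" 200 298
198.51.100.9 - - [01/Jan/2025:10:02:11 +0000] "GET /placeholder/time%5Ftzsetup.cgi HTTP/1.1" 401 0
192.168.10.25 - admin [01/Jan/2025:11:30:00 +0000] "POST /placeholder/time_tzsetup.cgi HTTP/1.1" 200 301
truncated line that does not parse
"""

def is_internal(ip_text):
    try:
        return any(ipaddress.ip_address(ip_text) in net for net in INTERNAL)
    except ValueError:
        return False  # unparsable source is treated as untrusted

def find_endpoint_hits(log_text, endpoint=ENDPOINT):
    """Return ({source_ip: summary}, unparsed_line_count) for requests naming the endpoint."""
    hits = defaultdict(lambda: {"count": 0, "statuses": set(), "first": None, "last": None})
    unparsed = 0
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1
            continue
        # Decode percent-encoding and fold case so encoded variants still match.
        if endpoint not in unquote(m["target"]).lower():
            continue
        h = hits[m["ip"]]
        h["count"] += 1
        h["statuses"].add(int(m["status"]))
        h["first"], h["last"] = h["first"] or m["ts"], m["ts"]
        h["external"] = not is_internal(m["ip"])
    return dict(hits), unparsed

if __name__ == "__main__":
    for ip, h in find_endpoint_hits(SAMPLE_LOG)[0].items():
        print("EXTERNAL" if h["external"] else "internal", ip, h["count"], sorted(h["statuses"]))
```

Any hit from an external source means the device's management interface is reachable from outside, which is the exposure CISA advises removing.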