The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw affecting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog after confirming evidence of active exploitation in the wild.
The vulnerability, tracked as CVE-2023-52163 (CVSS score: 8.8), involves a command injection issue that enables post-authentication remote code execution.
“Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via time_tzsetup.cgi,” CISA said.
Active Exploitation in the Wild
CISA added CVE-2023-52163 to the KEV catalog following multiple reports from Akamai and Fortinet, which documented threat actors exploiting the flaw to deploy botnets such as Mirai and ShadowV2.
According to TXOne Research security researcher Ta-Lun Yen, the vulnerability, along with an arbitrary file read flaw tracked as CVE-2023-52164 (CVSS score: 5.1), remains unpatched because the device has reached end-of-life (EoL) status.
Mitigation Guidance for Users and Agencies
To successfully exploit the flaw, an attacker must log into the device and send a specially crafted request. Consequently, in the absence of an available patch, security experts advise users to avoid exposing the device to the internet and to change the default username and password.
Finally, CISA recommends that Federal Civilian Executive Branch (FCEB) agencies apply the required mitigations or discontinue use of the affected product by January 12, 2025, to protect their networks from ongoing threats.
Source: TheHackerNews