Command Injection Vulnerability in Digiever DS-2105 Pro by Digiever
CVE-2023-52163

5.9MEDIUM

Key Information:

Vendor: Digiever
Status: DS-2105 Pro
Vendor: CVE Published:; 3 February 2025

What is CVE-2023-52163?

The Digiever DS-2105 Pro devices are vulnerable to command injection through the time_tzsetup.cgi interface. This vulnerability allows attackers to execute arbitrary commands on the device, which can compromise the integrity and security of the system. It is important to note that this issue affects only those devices that are no longer supported by the manufacturer, leaving them susceptible to exploitation. Users are advised to upgrade to supported versions or consider other secure solutions to mitigate potential risks.

References

https://www.txone.com/blog/digiever-fixes-sorely-needed/

https://www.akamai.com/blog/security-research/digiever-fi...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2025
Vulnerability Reserved
Dec 29, 2023

JSON