Command Injection Vulnerability in Digiever DS-2105 Pro by Digiever
CVE-2023-52163

8.8HIGH

Key Information:

Vendor: Digiever
Status: DS-2105 Pro
Vendor: CVE Published:; 3 February 2025

Badges

👾 Exploit Exists🟣 EPSS 69%🦅 CISA Reported📰 News Worthy

What is CVE-2023-52163?

The Digiever DS-2105 Pro devices are vulnerable to command injection through the time_tzsetup.cgi interface. This vulnerability allows attackers to execute arbitrary commands on the device, which can compromise the integrity and security of the system. It is important to note that this issue affects only those devices that are no longer supported by the manufacturer, leaving them susceptible to exploitation. Users are advised to upgrade to supported versions or consider other secure solutions to mitigate potential risks.

CISA has reported CVE-2023-52163

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2023-52163 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch