The Cybersecurity and Infrastructure Security Agency has officially added a critical command injection flaw affecting Digiever DS-2105 Pro video recorders to its list of actively exploited vulnerabilities. Because the device has reached end-of-life status and will not receive a patch, federal agencies and private users are urged to stop using the equipment or strictly limit its network exposure.

CISA recently updated its Known Exploited Vulnerabilities catalog to include a significant security hole found in Digiever DS-2105 Pro network video recorders. This flaw, identified as CVE-2023-52163, carries a high severity rating due to its ability to let an attacker execute remote code after gaining initial access to the system. The issue stems from a lack of proper authorization within a specific configuration file, which opens the door for malicious commands to be injected into the device's operations.

Reports from cybersecurity firms like Akamai and Fortinet indicate that hackers are already taking advantage of this weakness in the wild. Specifically, threat actors have been observed using the flaw to infect these video recorders with botnet malware such as Mirai and ShadowV2. These botnets allow attackers to take control of many devices at once, often using them to launch large-scale distributed denial-of-service attacks or to further penetrate private networks.

GET 50% Discount for VPN/ANTIVIRUS SOFTWARE AT 911Cyber - CODE: bit5025

A major concern for security professionals is that this vulnerability, along with a secondary file-reading bug, remains unpatched by the manufacturer. Because the Digiever DS-2105 Pro is considered an end-of-life product, the company is no longer providing software updates or security fixes to resolve these issues. This leaves current owners in a difficult position where the hardware itself is inherently insecure against modern exploitation techniques.

To carry out an attack, a bad actor must first be logged into the device to send a specially crafted request. While this requires a level of authentication, many of these devices are left with default login credentials or are accessible over the open internet, making them easy targets for automated scripts. Security researchers advise that anyone still using these recorders should immediately change default passwords and ensure the devices are not reachable from outside the local network.

Given the active risks, CISA has set a deadline of January 12, 2025, for federal agencies to either implement strict mitigations or completely discontinue the use of these recorders. For the general public, the recommendation is similar: since no official fix is coming, replacing the outdated hardware is the most effective way to prevent a breach. Until a replacement is found, keeping the devices behind a robust firewall is the only way to reduce the likelihood of a botnet infection.

Source: CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution