🔴 CVE-2023-52163

Command injection vulnerability in Digiever DS-2105 Pro NVR devices allows remote code execution via the time_tzsetup.cgi endpoint. This IoT surveillance device is commonly internet-facing for remote monitoring and is actively exploited in the wild.

Risk Level: HIGH_RISK

CVSS Score: 8.8

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: HIGH

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-02-03

Added to CISA KEV: 2025-12-22 (322 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2023-52163 is a critical security vulnerability affecting specific Digiever network video recorder (NVR) devices. Below is a summary of the known details regarding this vulnerability.

Overview and Active Exploitation
  • Active Exploitation: CVE-2023-52163 is officially recognized by the Cybersecurity and Infrastructure Security Agency (CISA) as a Known Exploited Vulnerability (KEV) [1]. CISA added this vulnerability to its catalog in December 2025 based on evidence of active exploitation in the wild [3].
  • Threat Actor Usage: While it is confirmed to be exploited in the wild, specific details regarding the threat actors or the nature of the campaigns (e.g., whether it is used in ransomware or targeted espionage) are not publicly detailed in current threat intelligence reports.
Attack Method and Requirements
  • Vulnerability Type: The vulnerability is primarily identified as a command injection vulnerability within the `time_tzsetup.cgi` script [2]. Some sources also reference it in the context of a "missing authorization" vulnerability.
  • Exploitation Requirements: As a command injection vulnerability in a network-facing CGI script, it typically allows for remote exploitation. It generally does not require complex user interaction to trigger, making it a high-risk entry point for attackers.
Impact
  • Access and Impact: Successful exploitation allows an attacker to execute arbitrary commands on the underlying operating system of the affected Digiever device. This can lead to a full compromise of the device, potentially allowing attackers to gain unauthorized access to surveillance feeds, manipulate system settings, or use the compromised NVR as a pivot point to attack other systems within the local network.
Affected Products and Mitigation
  • Affected Versions: The vulnerability affects Digiever DS-2105 Pro devices running firmware version 3.1.0.71-11 [2].
  • Patch Status: Users are advised to check for and apply the latest firmware updates provided by Digiever. Because this is a CISA-cataloged vulnerability, organizations—particularly those in critical infrastructure or those utilizing these devices for security and surveillance—are strongly encouraged to prioritize patching to mitigate the risk of exploitation [1].

Sources

  1. CVE-2023-52163 Detail - NVD

    This CVE is in CISA's Known Exploited Vulnerabilities Catalog. Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and ...

  2. Digiever DS-2105 Pro 3.1.0.71-11 devices allow... · CVE-2023-52163

    Description. Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products ...

  3. CISA Adds One Known Exploited Vulnerability to Catalog

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2023-52163…