CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2023-52163 (CVSS score: 8.8), relates to a case of command injection that allows post-authentication remote code
AI Analysis
Technical Summary
The Digiever DS-2105 Pro network video recorder contains a critical vulnerability (CVE-2023-52163) that allows remote code execution through a command injection flaw in the time_tzsetup.cgi endpoint. This vulnerability arises from missing authorization checks, enabling authenticated attackers to execute arbitrary commands on the device. The vulnerability has a CVSS score of 8.8 and is actively exploited in the wild, as confirmed by CISA's inclusion of this flaw in its Known Exploited Vulnerabilities catalog. Threat actors have leveraged this vulnerability to deploy botnets such as Mirai and ShadowV2, which can be used for large-scale distributed denial-of-service (DDoS) attacks and other malicious activities. The device is end-of-life, and no patches are available, leaving users exposed. Exploitation requires the attacker to be logged into the device, which may be facilitated by default or weak credentials. An additional related vulnerability (CVE-2023-52164) allows arbitrary file reading, further increasing the attack surface. Due to the lack of patch availability, mitigation focuses on reducing exposure by avoiding internet-facing deployments and changing default credentials. CISA recommends that federal agencies discontinue use or apply mitigations by January 12, 2025. The vulnerability impacts the confidentiality, integrity, and availability of surveillance systems, potentially compromising security monitoring and enabling attackers to pivot into internal networks.
Potential Impact
European organizations using Digiever DS-2105 Pro NVRs are at significant risk of compromise, which could lead to unauthorized access to surveillance footage, disruption of security monitoring, and use of compromised devices as botnet nodes. This can result in privacy violations, operational disruptions in critical infrastructure, and increased exposure to large-scale DDoS attacks originating from infected devices. The inability to patch the device due to its end-of-life status exacerbates the risk, especially for organizations that have not isolated these devices from external networks. The presence of these vulnerable NVRs in sectors such as transportation, public safety, and industrial control systems could have cascading effects on national security and public safety. Additionally, compromised devices could serve as footholds for lateral movement within corporate or government networks, increasing the risk of broader cyber intrusions.
Mitigation Recommendations
1. Immediately remove all Digiever DS-2105 Pro NVRs from internet-facing positions to prevent remote exploitation.
2. Change all default and weak passwords on affected devices to strong, unique credentials to reduce the risk of unauthorized login.
3. Segment the network to isolate NVRs from critical infrastructure and sensitive systems, limiting lateral movement opportunities.
4. Monitor network traffic for unusual outbound connections indicative of botnet activity, such as Mirai or ShadowV2 command and control communications.
5. Implement strict access controls and multi-factor authentication where possible to reduce the risk of credential compromise.
6. Plan and execute a phased replacement of end-of-life Digiever devices with supported, regularly patched alternatives.
7. For organizations unable to replace devices immediately, deploy virtual patching via network intrusion prevention systems to block exploitation attempts targeting the vulnerable endpoint.
8. Conduct regular security audits and vulnerability assessments focusing on IoT and surveillance devices.
9. Educate staff on the risks associated with legacy devices and enforce policies to avoid exposing such devices externally.
10. Coordinate with suppliers and vendors to obtain updated security guidance and support.
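The decision logic behind recommendations 1 and 7, as an added example (not code from the source article, CISA or Digiever): it reads reverse-proxy or IPS access logs in Common Log Format and marks requests to time_tzsetup.cgi for blocking. The management subnet, the /PLACEHOLDER/ path prefix, the parameter name p and the log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

ENDPOINT = "time_tzsetup.cgi"  # endpoint named in the advisory
MGMT_NETS = [ipaddress.ip_network("10.20.30.0/28")]  # assumption: admin jump hosts
# Characters a time-zone setting has no reason to carry but a shell interprets.
SHELL_META = re.compile(r"[;&|`$<>\r\n]")
# Common Log Format: client ident user [time] "METHOD target PROTO" status
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3}')

def in_mgmt(client):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:  # hostname or garbage in the client field
        return False
    return any(addr in net for net in MGMT_NETS)

def classify(line):
    """Return (client, verdict, reasons) for hits on the endpoint, else None."""
    m = LINE.match(line)
    if not m:
        return None
    client, target = m.groups()
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/" + ENDPOINT):
        return None
    reasons = []
    # POST bodies are not in access logs, so the source check is the primary
    # control: anything outside the allowlist is blocked regardless of payload.
    if not in_mgmt(client):
        reasons.append("source outside management allowlist")
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding.
        if SHELL_META.search(unquote_plus(key + "=" + value)):
            reasons.append("shell metacharacter in parameter")
            break
    return client, ("block" if reasons else "allow"), reasons

SAMPLE_LOG = [  # constructed lines; path prefix and parameter name are placeholders
    '10.20.30.5 - admin [25/Dec/2025:09:00:01 +0000] "GET /PLACEHOLDER/time_tzsetup.cgi?p=Europe%2FBerlin HTTP/1.1" 200 512',
    '203.0.113.7 - admin [25/Dec/2025:09:00:02 +0000] "GET /PLACEHOLDER/time_tzsetup.cgi?p=UTC HTTP/1.1" 200 512',
    '10.20.30.9 - admin [25/Dec/2025:09:00:03 +0000] "GET /PLACEHOLDER/time_tzsetup.cgi?p=UTC%253Bx HTTP/1.1" 200 512',
    '203.0.113.7 - - [25/Dec/2025:09:00:04 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry))
```

The same two conditions translate directly into an IPS or reverse-proxy rule: deny the endpoint to every source outside the management allowlist, and alert on any "block" verdict that originates inside it.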
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland, Sweden, Austria
Technical Details
- Article source: https://thehackernews.com/2025/12/cisa-flags-actively-exploited-digiever.html (fetched 2025-12-25T09:58:19.846Z, 813 words)
Threat ID: 694d0abe9393940d4873d875
Added to database: 12/25/2025, 9:58:22 AM
Last enriched: 12/25/2025, 9:58:35 AM
Last updated: 12/25/2025, 4:01:14 PM