CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution

CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2023-52163, a command injection flaw in Digiever DS-2105 Pro NVRs, to its Known Exploited Vulnerabilities (KEV) catalog on December 25, 2025. This vulnerability allows post-authentication remote code execution and is actively exploited to deploy botnets like Mirai and ShadowV2.

Why This Matters

Ideal security models assume timely patching, but many IoT devices reach end-of-life without updates, creating persistent vulnerabilities. The Digiever NVR flaw, with a CVSS score of 8.8, represents a significant risk; unpatched devices are easily compromised, potentially resulting in large-scale botnet deployments and associated network disruption costs.

Key Insights

• CVE-2023-52163 (CVSS 8.8): Command injection in Digiever DS-2105 Pro allows remote code execution.
• End-of-Life (EoL): Digiever has ceased support for the affected NVR, leaving users without official patches.
• Botnet Targeting: Threat actors are actively exploiting this vulnerability to install malware like Mirai and ShadowV2.

Practical Applications

• Use Case: Security camera systems in small businesses are compromised and added to a DDoS botnet.
• Pitfall: Relying on default credentials for IoT devices simplifies exploitation for attackers.

References:

• https://thehackernews.com/2025/12/cisa-flags-actively-exploited-digiever.html