CVE-2023-52163

high

Description

Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

References

https://thehackernews.com/2025/12/cisa-flags-actively-exploited-digiever.html

https://securityaffairs.com/186021/security/u-s-cisa-adds-a-flaw-in-digiever-ds-2105-pro-to-its-known-exploited-vulnerabilities-catalog.html

https://securityaffairs.com/185135/malware/new-mirai-variant-shadowv2-tests-iot-exploits-amid-aws-disruption.html

https://www.theregister.com/2025/11/26/miraibased_botnet_shadowv2/

https://www.bleepingcomputer.com/news/security/new-shadowv2-botnet-malware-used-aws-outage-as-a-test-opportunity/

https://securityaffairs.com/183183/malware/rondodox-botnet-targets-56-flaws-across-30-device-types-worldwide.html

https://www.bleepingcomputer.com/news/security/rondodox-botnet-targets-56-n-day-flaws-in-worldwide-attacks/

https://www.txone.com/blog/digiever-fixes-sorely-needed/

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-52163

https://www.akamai.com/blog/security-research/digiever-fix-that-iot-thing

Details

Source: Mitre, NVD

Published: 2025-02-03

Updated: 2025-12-24

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.21421

Detections

Analytics