CISA has added a vulnerability in Digiever DS-2105 Pro NVR devices to its KEV catalog, which could be exploited remotely via command injection. Affected devices running outdated firmware are at risk of full compromise, emphasizing the need for prompt mitigation. #Digiever #CVE202352163
Keypoints
- The vulnerability affects Digiever DS-2105 Pro network video recorders used in security setups.
- It involves a command injection flaw in the time_tzsetup.cgi script on unsupported firmware versions.
- Exploitation could allow remote attackers to execute arbitrary commands and fully compromise devices.
- The affected devices are EoL, meaning no official security patches are available for them.
- Federal agencies are required to address this vulnerability by January 12, 2026, under BOD 22-01.