⚠️ CISA Known Exploited Vulnerability

Active Threat

This vulnerability is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Active exploitation has been observed in the wild. This poses significant risk to federal enterprises and should be prioritized for immediate patching.

CVE-2023-52163

Severity: High (CISA KEV)
CVSS Score: 8.8
Published: Feb 03, 2025
Last Modified: Dec 24, 2025

Vulnerability Description

Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS Metrics

Common Vulnerability Scoring System

Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: N
Attack Complexity: L
Privileges Required: L
User Interaction: N
Scope: U
Confidentiality: H
Integrity: H
Availability: H

Known Affected Software

2 configuration(s) from 1 vendor(s)

ds-2105_pro\+_firmware
Version: 3.1.0.71-11
CPE: cpe:2.3:o:digiever:ds-2105_pro\+_firmware:3.1.0.71-11:*:*:*:*:*:*:*

ds-2105_pro_firmware
Version: 3.1.0.71-11
CPE: cpe:2.3:o:digiever:ds-2105_pro_firmware:3.1.0.71-11:*:*:*:*:*:*:*

This vulnerability affects 2 software configuration(s). Ensure you patch all affected systems.

Severity Details

8.8 out of 10.0 (High)

CISA KEV Status

Active Exploitation

Listed in CISA's Known Exploited Vulnerabilities catalog

Weakness Type (CWE)

CWE-862: Missing Authorization (Top 25 #8)

Description: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Exploit Likelihood: High
Typical Severity: High
OWASP Top 10: A01:2021-Broken Access Control
Abstraction Level: Class

Key Information

Published Date: February 03, 2025
