[CVE-2023-52163] Digiever DS-2105 Pro Missing Authorization Vulnerability

CISA KEV 정보

취약점명	Digiever DS-2105 Pro Missing Authorization Vulnerability
설명	Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via time_tzsetup.cgi.
조치사항	Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
랜섬웨어 캠페인 악용	Unknown
CWE	CWE-862
등록일 (KEV)	2025-12-22
조치 기한	2026-01-12
추가 참고	https://www.digiever.com/tw/support/faq-content.php?FAQ=217 ; https://nvd.nist.gov/vuln/detail/CVE-2023-52163

NVD 상세 정보

CVSS v3.1: 8.8 HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

설명: Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CWE: CWE-862

참조

https://www.akamai.com/blog/security-research/digiever-fix-that-iot-thing [Exploit, Third Party Advisory]
https://www.txone.com/blog/digiever-fixes-sorely-needed/ [Exploit, Third Party Advisory]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-52163 [US Government Resource]
https://www.fortinet.com/blog/threat-research/shadowv2-casts-a-shadow-over-iot-devices [Exploit, Third Party Advisory]

This product uses the NVD API but is not endorsed or certified by the NVD.

바로 가기

[CVE-2023-52163] Digiever DS-2105 Pro Missing Authorization Vulnerability

CISA KEV 정보

NVD 상세 정보

참조

IT 도구 서랍