CVE-2023-52163 in DS-2105 Pro
Summary
by MITRE • 02/03/2025
Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Analysis
by VulDB Data Team • 01/02/2026
The Digiever DS-2105 Pro series devices represent a line of network video recording systems that have reached end-of-life support status, making them particularly vulnerable to exploitation due to the absence of security updates. This specific vulnerability exists within the time_tzsetup.cgi web interface component which handles timezone and time configuration settings. The device firmware version 3.1.0.71-11 contains a critical command injection flaw that allows remote attackers to execute arbitrary system commands through improperly sanitized input parameters. The vulnerability manifests when user-supplied data is directly incorporated into system commands without adequate validation or escaping mechanisms.
The technical flaw resides in the improper handling of input parameters within the time_tzsetup.cgi script, which processes timezone configuration requests from web clients. When an attacker submits malicious input through the web interface, the system fails to properly sanitize or validate the data before incorporating it into system command execution contexts. This creates a classic command injection vulnerability where attacker-controlled commands can be executed with the privileges of the web server process, typically running with elevated system permissions. The vulnerability is categorized under CWE-77 as Command Injection, which is a well-documented weakness in web applications where user input is directly used in system command execution without proper sanitization.
The operational impact of this vulnerability is severe given that the affected devices are network-accessible video recording systems that often operate in security-critical environments. An attacker could potentially gain full control over the device, including access to stored video footage, modification of system configurations, and use of the device as a pivot point for attacking other systems within the network. The vulnerability allows for arbitrary command execution which could enable attackers to install backdoors, modify system files, or even completely compromise the device's functionality. Network-based attacks can be executed remotely without requiring physical access to the device, making the attack surface particularly broad.
Security practitioners should note that this vulnerability is particularly concerning due to the end-of-life status of the affected products, meaning no official patches or updates are available from the vendor. Organizations should consider immediate network segmentation to isolate these devices from critical network segments and implement network monitoring to detect potential exploitation attempts. The ATT&CK framework categorizes this vulnerability under T1059.001 for Command and Scripting Interpreter with specific focus on executing commands through web interfaces. Mitigation strategies should include disabling unnecessary web services, implementing strict network access controls, and conducting thorough network scans to identify all affected devices. Additionally, organizations should consider replacing these unsupported devices with properly maintained systems that receive regular security updates and patches to prevent exploitation of known vulnerabilities.
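As an added example (not part of the VulDB entry or any vendor tooling), the network monitoring recommended above can start from a log check like the following: it flags requests to time_tzsetup.cgi whose parameter values contain shell metacharacters after repeated percent-decoding. The advisory names no parameters or URL path, so every parameter is inspected; the log format, path prefix, addresses and parameter names in the sample lines are assumptions.

```python
import re
from urllib.parse import unquote_plus, urlsplit

TARGET = "time_tzsetup.cgi"  # endpoint named in the advisory
SHELL_META = re.compile(r"[;&|`$<>\n\r]")  # characters that can break out of a shell command
LOG_LINE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded metacharacters are seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_values(raw_params):
    """Return decoded name=value pairs whose value holds a shell metacharacter."""
    flagged = []
    # Split on '&' before decoding so the separator itself is never flagged.
    for pair in filter(None, raw_params.split("&")):
        name, _, value = pair.partition("=")
        decoded = fully_decode(value)
        if SHELL_META.search(decoded):
            flagged.append(f"{fully_decode(name)}={decoded}")
    return flagged

def suspicious_requests(lines):
    """Return (source, status, flagged_pairs) for flagged requests to TARGET."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        url = urlsplit(m["url"]) if m else None
        if url is None or not fully_decode(url.path).lower().endswith("/" + TARGET):
            continue
        if flagged := flag_values(url.query):
            hits.append((m["src"], int(m["status"]), flagged))
    return hits

# Constructed sample lines: addresses, path prefix and parameter names are placeholders.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /cgi-bin/time_tzsetup.cgi?zone=UTC&mode=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2026:10:00:05 +0000] "GET /cgi-bin/time_tzsetup.cgi?zone=UTC%3Becho%20marker HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2026:10:00:09 +0000] "GET /cgi-bin/time_tzsetup.cgi?zone=UTC%2560echo%2560 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2026:10:00:12 +0000] "GET /index.cgi?q=a%3Bb HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE):
        print(hit)
```

Access logs record only the query string; for parameters sent in a request body, pass the body captured by a proxy or sensor to `flag_values`.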