CVE-2023-52163
In short
A vulnerability in Digiever DS-2105 Pro allows attackers to execute arbitrary commands through the time_tzsetup.cgi file. This affects unsupported versions of the device and could let someone take complete control of the system.
Technical detail
CWE-862 (Missing Authorization) combined with command injection in time_tzsetup.cgi allows unauthenticated or low-privileged attackers to execute arbitrary system commands on affected Digiever DS-2105 Pro devices (version 3.1.0.71-11). The vulnerability exists in an unsupported product line with no available patches.
Summary generated and translated by AI from the official description.
Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
References
https://www.akamai.com/blog/security-research/digiever-fix-that-iot-thing
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-52163
https://www.fortinet.com/blog/threat-research/shadowv2-casts-a-shadow-over-iot-devices
https://www.txone.com/blog/digiever-fixes-sorely-needed/