CVE-2023-52163

ENISA EUVD: EUVD-2023-56836 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 2 articles Published: 2025-02-03

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

72.66%

probability

This CVE has a 72.66% probability of being exploited in the next 30 days.

0% Top 98.8th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

8.8

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Affected Products

n/a

digiever

ds-2105 pro firmware

digiever

ds-2105 pro\+ firmware

n/a

Attack Intelligence

CWE-284 · Improper Access Control CWE-285 · Improper Authorization CWE-862 · Missing Authorization

https://www.txone.com/blog/digiever-fixes-sorely-needed/

https://www.akamai.com/blog/security-research/digiever-fix-that-iot-thing

Signal Intelligence

Confidenceⓘ

85%

EPSS 72.66%

CVSS v3.1 8.8

Mentions 2

Last Seen Dec 29, 2025

CNA Information

CNA Assigner

mitre

Analyst Note

CVE-2023-52163 is confirmed as a zero-day based on CISA KEV listing indicating active exploitation of Digiever DS-2105 Pro NVRs. The CVE was published 2025-02-03 and CISA added it to KEV catalog shortly after, signaling concurrent exploitation and patch availability timing consistent with zero-day criteria. Although the product is end-of-life, active exploitation by threat actors meets the zero-day definition.

Threat Actors 3

Hacking Team

apt_group 🇮🇹 IT

Red October

apt_group 🇷🇺 RU

Shadow Network

apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided atMar 05, 2026

Published DateFeb 03, 2025