8.8

CVE-2023-52163

Warnung
Exploit
Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DigieverDs-2105 Pro Firmware Version3.1.0.71-11
   DigieverDs-2105 Pro Version-
DigieverDs-2105 Pro+ Firmware Version3.1.0.71-11
   DigieverDs-2105 Pro+ Version-

22.12.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Digiever DS-2105 Pro Missing Authorization Vulnerability

Schwachstelle

Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via time_tzsetup.cgi.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 62.61% 0.984
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.