Ethical Hacking News
A new UEFI flaw has been discovered that enables early-boot DMA attacks on popular motherboards from ASRock, ASUS, GIGABYTE, and MSI. This vulnerability allows post-authentication remote code execution through a critical case of command injection in the time_tzsetup.cgi parameter of Digiever DS-2105 Pro NVRs. Follow this article to learn more about the latest cybersecurity concern and what you can do to protect yourself.
The UEFI flaw allows early-boot DMA attacks on popular motherboards from ASRock, ASUS, GIGABYTE, and MSI. A critical case of command injection in the time_tzsetup.cgi parameter of Digiever DS-2105 Pro NVRs has been identified as CVE-2023-52163 with a CVSS score of 8.8. The vulnerability allows for post-authentication remote code execution due to a missing authorization mechanism in the device's firmware. Threat actors have actively exploited this vulnerability, resulting in the delivery of botnets such as Mirai and ShadowV2. User actions can mitigate exposure: change default username and password settings, and refrain from using the NVR over the internet unless necessary. CISA has recommended that FCEB agencies apply necessary mitigations or discontinue use of the Digiever DS-2105 Pro NVR by January 12, 2025.
The cybersecurity landscape continues to evolve at a rapid pace, with new vulnerabilities and threats emerging regularly. Recently, a significant concern has been raised regarding the exploitation of an unpatched UEFI (Unified Extensible Firmware Interface) flaw that allows early-boot DMA (Direct Memory Access) attacks on popular motherboards from ASRock, ASUS, GIGABYTE, and MSI.
The discovery of this vulnerability was made possible through extensive research conducted by security experts, who identified a critical case of command injection in the time_tzsetup.cgi parameter of Digiever DS-2105 Pro network video recorders (NVRs). This flaw, tracked as CVE-2023-52163 with a CVSS score of 8.8, allows for post-authentication remote code execution.
The vulnerability is attributed to a missing authorization mechanism in the device's firmware, which enables an attacker to inject malicious commands and execute arbitrary code on the system. This attack vector is particularly concerning because it can be launched even after authentication, making it challenging to detect and respond to the threat.
According to CISA (Cybersecurity and Infrastructure Security Agency), the vulnerability has been actively exploited by threat actors, resulting in the delivery of botnets such as Mirai and ShadowV2. The agency has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, highlighting the need for immediate attention from device manufacturers and users.
Fortunately, the Digiever DS-2105 Pro NVR is still supported by the manufacturer, with a patch available. However, due to the device reaching end-of-life (EoL), many users are left without access to official security updates. In this scenario, it is essential for users to take proactive measures to protect themselves from potential attacks.
To limit exposure and minimize the risk of exploitation, users are advised to change the default username and password settings on the device. Furthermore, users should refrain from using the NVR over the internet unless necessary, as internet exposure increases the attack surface.
In light of these concerns, CISA has recommended that Federal Civilian Executive Branch (FCEB) agencies apply necessary mitigations or discontinue use of the Digiever DS-2105 Pro NVR by January 12, 2025, to ensure network security from active threats.
This latest discovery highlights the importance of staying informed about emerging vulnerabilities and taking proactive steps to secure your devices. It also underscores the need for continuous monitoring of system updates and patches to prevent such attacks.
Stay vigilant and stay safe online.
Published: Thu Dec 25 17:12:58 2025 by llama3.2 3B Q4_K_M