Are Your DigiEver DVRs at Risk? Critical Vulnerabilities Exploited with No Fix in Sight
Hackers are targeting DigiEver DVRs, and there’s no patch to stop them. These devices, used for IP video surveillance, have critical flaws that let attackers take control. Here’s the deal: DigiEver stopped supporting these products years ago, leaving users exposed. A botnet called Hail Cock is already exploiting the issue, and it’s only getting worse.
Who’s affected? Owners of DigiEver DS-2105 Pro (version 3.1.0.71-11).
What’s wrong? Two major vulnerabilities allow attackers to:
- Inject malicious commands (CVE-2023-52163).
- Read sensitive files (CVE-2023-52164).
How does it happen? Attackers must log in first, then send altered requests to exploit the flaws.
Since December 2024, hackers have been using these vulnerabilities to spread malware through a Mirai botnet variant. DigiEver won’t fix the problem because the devices are outdated, leaving users with no official solution.
How to Protect Yourself from DigiEver DVR Security Flaws?
You can’t rely on DigiEver for help, but there are steps you can take:
Solution 1: Disconnect from the Internet
Keep your device offline to block external attacks.
Solution 2: Use a Firewall or Gateway
Shield the management interface from unauthorized access.
Solution 3: Change Default Credentials
Update usernames and passwords immediately.
Solution 4: Monitor Traffic
Use tools like TXOne Networks’ products or Snort 3 rules to detect potential exploits:
- Rule for CVE-2023-52163: Detects command injection attempts via /cgi-bin/cgi_main.cgi.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI Digiever DS-2105 Pro Command Injection"; flow:to_server,established; http_uri; content:"/cgi-bin/cgi_main.cgi"; http_client_body; content:"cgiName=time_tzsetup.cgi"; pcre:"/ntp=[0-9a-zA-Z\.\s]*[|`\;]/"; reference:cve,2023-52163; classtype:web-application-attack; sid:1000001; rev:1;)
- Rule for CVE-2023-52164: Identifies unauthorized file access via access_device.cgi.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-CGI Digiever DS-2105 Authenticated Arbitrary File Read"; flow:to_server,established; http_uri; content:"/cgi-bin/cgi_main.cgi"; http_client_body; content:"cgiName=access_device.cgi"; pcre:"/fileName=(\/|\w+\/\.\.\/)/"; reference:cve,2023-52164; classtype:web-application-attack; sid:1000002; rev:1;)
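To check captured HTTP requests against the same conditions offline, the following added example (not from the original article or from TXOne) applies the two rules' URI, body marker and pcre tests in Python. The function names, the sample requests and the percent-decoding step are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

CGI_URI = "/cgi-bin/cgi_main.cgi"  # URI both rules require

# (CVE, body marker, pcre) copied from the two Snort rules above
RULES = [
    ("CVE-2023-52163", "cgiName=time_tzsetup.cgi",
     re.compile(r"ntp=[0-9a-zA-Z\.\s]*[|`\;]")),
    ("CVE-2023-52164", "cgiName=access_device.cgi",
     re.compile(r"fileName=(\/|\w+\/\.\.\/)")),
]

def match_request(uri, body):
    """Return the CVE ids whose URI, marker and pcre conditions all hold."""
    if CGI_URI not in uri:
        return []
    # Assumption of this sketch: form bodies are percent-decoded first.
    decoded = unquote_plus(body)
    return [cve for cve, marker, rx in RULES
            if marker in decoded and rx.search(decoded)]

def scan(requests):
    """Return (index, cve) for every request that trips a rule."""
    return [(i, cve) for i, (uri, body) in enumerate(requests)
            for cve in match_request(uri, body)]

# Constructed sample requests (uri, POST body); values are placeholders.
SAMPLES = [
    (CGI_URI, "cgiName=time_tzsetup.cgi&ntp=time.example.org"),
    (CGI_URI, "cgiName=time_tzsetup.cgi&ntp=time.example.org%3BPLACEHOLDER"),
    (CGI_URI, "cgiName=access_device.cgi&fileName=snapshot.jpg"),
    (CGI_URI, "cgiName=access_device.cgi&fileName=%2FPLACEHOLDER"),
    ("/index.html", "cgiName=time_tzsetup.cgi&ntp=time.example.org%3BPLACEHOLDER"),
]

if __name__ == "__main__":
    for idx, cve in scan(SAMPLES):
        print(f"request {idx}: matches rule for {cve}")
```

Requests 0 and 2 are ordinary-looking values and stay quiet, and request 4 is ignored because its URI is not the CGI endpoint the rules require.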
Back in July 2023, researchers at TXOne Networks found these flaws and reported them through TWCERT/CC. DigiEver dismissed the issue in August, stating that the devices had been obsolete for five years. By December 2023, CVE identifiers were assigned, but no fixes came. A year later, hackers began exploiting the vulnerabilities publicly.
If you own a DigiEver DVR, act now to secure your system. Disconnect it from the internet or protect it with firewalls and updated credentials. Hackers are already exploiting these flaws, and waiting could make things worse.