CVE-2023-52164
📋 TL;DR
CVE-2023-52164 allows unauthenticated attackers to read arbitrary files on Digiever DS-2105 Pro devices via the access_device.cgi endpoint. This affects users of unsupported Digiever IoT devices running vulnerable firmware versions.
💻 Affected Systems
- Digiever DS-2105 Pro
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read sensitive system files, configuration files, or credentials, potentially leading to full device compromise and lateral movement within the network.
Likely Case
Unauthenticated file disclosure of configuration files, potentially exposing network settings, credentials, or device information.
If Mitigated
Limited impact if devices are isolated in segmented networks with strict access controls and monitoring.
🎯 Exploit Status
A simple HTTP request to the CGI endpoint with a file path parameter allows arbitrary file read without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: None available
Vendor Advisory: Not provided in references
Restart Required: No
Instructions:
No official patch is available because the products are no longer supported. Consider workarounds or replacement.
🔧 Temporary Workarounds
Network Access Control
Block external access to the device's web interface and restrict internal access to authorized networks only.
iptables -A INPUT -p tcp --dport 80 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
Web Server Configuration
Disable or restrict access to the vulnerable access_device.cgi endpoint if possible.
mv /path/to/access_device.cgi /path/to/access_device.cgi.disabled
🧯 If You Can't Patch
- Isolate affected devices in a separate VLAN with strict firewall rules preventing external and unnecessary internal access.
- Implement network monitoring and intrusion detection for unusual access patterns to the device's web interface.
🔍 How to Verify
Check if Vulnerable:
Send an HTTP GET request to http://device_ip/access_device.cgi?file=/etc/passwd and check whether file contents are returned.
Check Version:
Check the web interface login page or system information page for the firmware version.
Verify Fix Applied:
Repeat the same request after implementing the workarounds; the device should return an access-denied or 404 error.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /access_device.cgi with file parameter
- Unusual file access patterns in web server logs
Network Indicators:
- HTTP GET requests to access_device.cgi endpoint from untrusted sources
- File path traversal patterns in HTTP parameters
SIEM Query:
source="web_logs" AND uri="/access_device.cgi" AND query="*file=*"
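An added example, not part of the original page: a Python triage script that applies the log indicators above to access logs in combined format, including percent-encoded and mixed-case variants that a literal string match on the URI would miss. The trusted subnet, the sample log lines and the function names are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit
# Assumption: management subnet allowed to reach the device (constructed value).
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Combined log format: ip - user [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ '
                    r'(?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)')

def is_trusted(ip):
    try:
        return any(ipaddress.ip_address(ip) in net for net in TRUSTED_NETS)
    except ValueError:  # hostname or malformed field: treat as untrusted
        return False

def find_access_device_reads(lines):
    """Flag access_device.cgi requests with a file parameter; 'served' = 200 with a body."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/access_device.cgi"):
            continue
        # parse_qs percent-decodes, so file=%2Fetc%2Fpasswd is caught as well.
        query = {k.lower(): v for k, v in parse_qs(url.query, keep_blank_values=True).items()}
        if "file" not in query:
            continue
        path = query["file"][0]
        findings.append({
            "src": m["ip"],
            "time": m["ts"],
            "file": path,
            "traversal": ".." in path.replace("\\", "/").split("/"),
            "untrusted": not is_trusted(m["ip"]),
            "served": m["status"] == "200" and m["size"] not in ("-", "0"),
        })
    return findings

# Constructed sample log lines (not from a real device).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:09:15:40 +0000] "GET /access_device.cgi?file=/etc/passwd HTTP/1.1" 200 1432',
    '203.0.113.7 - - [12/Mar/2024:09:15:44 +0000] "GET /access_device.cgi?FILE=..%2F..%2Fetc%2Fshadow HTTP/1.1" 404 0',
    '10.20.0.15 - - [12/Mar/2024:09:20:11 +0000] "GET /access_device.cgi?id=3 HTTP/1.1" 200 210',
]

if __name__ == "__main__":
    print(*find_access_device_reads(SAMPLE_LOG), sep="\n")
```

Run it over the access log of whatever proxy or firewall fronts the device; findings with served set to True are the ones to triage first.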