Cybersecurity

The Wolves Are Inside Your Security Camera, And Frankly, I Am Not Surprised

Victor Woolridge

25 Dec 2025 • 2 min read

I have been warning about this for fifteen years. Nobody listens. Now here we are.

CISA has formally added the Digiever DS-2105 Pro NVR vulnerability to its Known Exploited Vulnerabilities catalog, which means the wolves are not merely circling the pasture. They are inside the recording equipment, watching the pasture, and using it to attack other pastures. This is a remote code execution flaw being actively weaponized for botnet operations. The flock is being observed, catalogued, and conscripted.

A Network Video Recorder. A security device. Compromised and turned into an instrument of a Distributed Denial of Sheep operation. I want everyone to sit with that for a moment.

Your surveillance equipment is now the attacker. This is not irony. This is the entirely predictable consequence of purchasing cheap, unsheared hardware and pointing it at the internet like it is perfectly safe to do so.

In the old days, if you wanted to monitor a facility, you used a VHS tape and a locked room. Nobody was remotely executing code on your VHS tape. You know why? Because it was not connected to the Sky Pasture. It was connected to nothing. It sat in a drawer. It was magnificent.

The hole in the fence here is particularly grim because unpatched Digiever devices have essentially been sitting in fields with a sign reading "WOLVES WELCOME, PLEASE RECRUIT ME." CISA's advisory notes that no patch is currently available for certain affected models, which means the ointment does not yet exist. The shepherds in management who approved purchasing these units and then forgot about them should be made to write a formal apology. To everyone.

The botnet angle is what elevates this from embarrassing to genuinely dangerous. These compromised devices become foot soldiers. Your forgotten NVR in a dusty server closet is now, effectively, a wolf in a sheep costume, battering someone else's electric fence.

Remediation

CISA's guidance is blunt, and for once I agree with the federal government on something. Here is what you do, in order:

First. Audit every NVR and IoT device on your network. Every single one. I will wait.

Second. If the device is end-of-life or unpatched, remove it from internet-facing exposure immediately. Put it behind the sheep tunnel at minimum.

Third. Apply any available ointment the moment the vendor releases it. Not next quarter. Now.

Fourth. Segment your network. Your security cameras should not be on the same pasture as your critical systems. This is not advanced advice. This is 1998 advice.

Fifth. Replace hardware that cannot be patched. Yes, it costs money. So does a botnet.

Somewhere, a magnetic tape is laughing at all of us.

Original Report: https://thehackernews.com/2025/12/cisa-flags-actively-exploited-digiever.html