Main Vulnerability Database Vulnerabilities #VU113206

OS Command Injection in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2 - CVE-2025-7724

Published: July 25, 2025

Vulnerability identifier: #VU113206

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-7724

CWE-ID: CWE-78

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: TP-Link

Affected software:
VIGI NVR1104H-4P V1
VIGI NVR2016H-16MP V2

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote attacker on the local network can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2025-7724

Install updates from vendor's website.

OS Command Injection in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2 - CVE-2025-7724

Detailed vulnerability description

How to mitigate CVE-2025-7724

Sources

Please verify you're human