CVE-2025-7723
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-22

Last updated on: 2025-07-25

Assigner: TPLink

Description
A command injection vulnerability exists that can be exploited after authentication in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2.This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build 250518; VIGI NVR2016H-16MP V2: before 1.3.1 Build 250407.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-22
Last Modified
2025-07-25
Generated
2026-05-27
AI Q&A
2025-07-22
EPSS Evaluated
2026-05-25
NVD
CVE-2025-7723
EUVD
EUVD-2025-22374
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
vigi nvr2016h-16mp 1.3.1
vigi nvr1104h-4p 1.1.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a command injection flaw in certain VIGI NVR devices (models NVR1104H-4P V1 and NVR2016H-16MP V2) that can be exploited after an attacker has authenticated. It allows an attacker to execute arbitrary commands on the affected device's system, potentially compromising its security.


How can this vulnerability impact me? :

Exploitation of this vulnerability can lead to unauthorized command execution on the affected devices, which may result in system compromise, data exposure, disruption of service, or further attacks within the network where the device is deployed.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart