CVE-2025-7724
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-22
Last updated on: 2025-07-25
Assigner: TPLink
Description
Description
An unauthenticated OS command injection vulnerability exists in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2.This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build 250518; VIGI NVR2016H-16MP V2: before 1.3.1 Build 250407.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tp-link | vigi_nvr1104h-4p | v1 |
| tp-link | vigi_nvr2016h-16mp | v2 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unauthenticated OS command injection in certain versions of VIGI NVR1104H-4P and VIGI NVR2016H-16MP devices. It allows an attacker to execute arbitrary operating system commands without needing to authenticate, potentially compromising the affected devices.
How can this vulnerability impact me? :
The vulnerability can lead to severe impacts including unauthorized control over the affected devices, data compromise, disruption of device functionality, and potential use of the devices as a foothold for further attacks within a network.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70