CVE-2025-7724 Unauthenticated command injection on VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2

🗓️ 22 Jul 2025 20:43:18Reported by TPLinkType

Unauthenticated command injection vulnerability in VIGI NVR1104H-4P V1 and NVR2016H-16MP V2

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2025-7724	22 Jul 202520:43	–	attackerkb
Circl	CVE-2025-7724	25 Jul 202516:32	–	circl
CNNVD	VIGI NVR1104H-4P V1和VIGI NVR2016H-16MP V2 操作系统命令注入漏洞	22 Jul 202500:00	–	cnnvd
CVE	CVE-2025-7724	22 Jul 202520:43	–	cve
EUVD	EUVD-2025-22373	3 Oct 202520:07	–	euvd
Japan Vulnerability Notes	TP-Link VIGI NVR1104H-4P and VIGI NVR2016H-16MP vulnerable to OS command injection	28 Jul 202508:53	–	jvn
NVD	CVE-2025-7724	22 Jul 202521:15	–	nvd
Positive Technologies	PT-2025-30475 · Unknown · Vigi Nvr2016H-16Mp +1	22 Jul 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-7724	24 Jul 202521:22	–	redhatcve
The Hacker News	⚡ Weekly Recap — SharePoint Breach, Spyware, IoT Hijacks, DPRK Fraud, Crypto Drains and More	28 Jul 202512:13	–	thn

[
  {
    "defaultStatus": "unaffected",
    "product": "VIGI NVR1104H-4P V1",
    "vendor": "TP-Link Systems Inc.",
    "versions": [
      {
        "lessThan": "1.1.5 Build 250518",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VIGI NVR2016H-16MP V2",
    "vendor": "TP-Link Systems Inc.",
    "versions": [
      {
        "lessThan": "1.3.1 Build 250407",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
tp-link	www.tp-link.com/us/support/faq/4547/
tp-link	www.tp-link.com/jp/support/download/vigi-nvr1104h-4p/
tp-link	www.tp-link.com/jp/support/download/vigi-nvr2016h-16mp/

23 Jul 2025 16:12Current

CVSS 48.7

EPSS0.00543

CWE-78