CVE-2025-7724

Unauthenticated command injection on VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2

Description

An unauthenticated OS command injection vulnerability exists in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2.This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build 250518; VIGI NVR2016H-16MP V2: before 1.3.1 Build 250407.

INFO

Published Date :

2025-07-22T20:43:18.637Z

Last Modified :

2026-02-26T17:50:24.386Z

Source :

TPLink

AFFECTED PRODUCTS

The following products are affected by CVE-2025-7724 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-7724.

URL	Resource
https://www.tp-link.com/jp/support/download/vigi-nvr1104h-4p/#Firmware
https://www.tp-link.com/jp/support/download/vigi-nvr2016h-16mp/#Firmware
https://www.tp-link.com/us/support/faq/4547/

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability