CVE-2025-7724
CVE-2025-7724
8.7
HighPublished:
Last updated:
Source:f23511db-6c3e-4e32-a477-6aa17d310630
Deferred
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Adjacent
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- None
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- High
- Availability (Vulnerable)
- High
- Confidentiality (Subsequent)
- None
- Integrity (Subsequent)
- None
- Availability (Subsequent)
- None
Description
An unauthenticated OS command injection vulnerability exists in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2.This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build 250518; VIGI NVR2016H-16MP V2: before 1.3.1 Build 250407.
References
f23511db-6c3e-4e32-a477-6aa17d310630
https://www.tp-link.com/jp/support/download/vigi-nvr1104h-4p/#Firmwaref23511db-6c3e-4e32-a477-6aa17d310630
https://www.tp-link.com/jp/support/download/vigi-nvr2016h-16mp/#Firmwaref23511db-6c3e-4e32-a477-6aa17d310630
https://www.tp-link.com/us/support/faq/4547/