TP-Link Network Video Recorder Vulnerability Let Attackers Execute Arbitrary Commands

Two high-severity vulnerabilities in TP-Link VIGI network video recorder (NVR) systems could allow attackers to execute arbitrary commands on affected devices. 

The security flaws, identified as CVE-2025-7723 and CVE-2025-7724, impact the VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2 models, posing significant risks to surveillance infrastructure security.

Key Takeaways
1. Two serious vulnerabilities let attackers run commands on TP-Link VIGI NVR devices.
2. One flaw needs login; the other works without credentials, posing a high risk.
3. Update the device firmware immediately to stay protected.

CVE-2025-7723: Authenticated Command Injection Vulnerability

CVE-2025-7723 is a high-severity operating system (OS) command injection vulnerability, which allows attackers with authenticated access to inject and execute arbitrary OS-level commands on the affected devices. 

With a CVSS v4.0 score of 8.5, this vulnerability is considered serious, as it grants attackers significant control over the system once they have logged in. 

Exploiting this vulnerability could enable malicious actors to compromise surveillance footage, alter device settings, or use the network video recorders (NVRs) as footholds for further attacks within an organization’s network. 

CVE-2025-7724: Unauthenticated Command Injection Vulnerability

CVE-2025-7724 represents an even higher risk due to the lack of authentication required for exploitation. 

Assigned a CVSS v4.0 score of 8.7, this vulnerability enables attackers to execute arbitrary commands on affected VIGI NVR devices without needing to log in or provide credentials. 

This makes the flaw especially dangerous because it can be exploited remotely by anyone with adjacent network access, requiring only minimal effort or technical knowledge. 

Successful exploitation can fully compromise the device’s confidentiality, integrity, and availability, allowing attackers to tamper with stored video data, disrupt operations, or launch further attacks within the local network.

Specifically affected are VIGI NVR1104H-4P V1 devices running firmware versions prior to 1.1.5 Build 250518 and VIGI NVR2016H-16MP V2 systems with firmware versions before 1.3.1 Build 250407.

| CVE ID | Title | Affected Versions | CVSS 3.1 Score | Severity |
|---|---|---|---|---|
| CVE-2025-7723 | Authenticated Command Injection | VIGI NVR1104H-4P V1 < 1.1.5 Build 250518; VIGI NVR2016H-16MP V2 < 1.3.1 Build 250407 | 8.5 | High |
| CVE-2025-7724 | Unauthenticated Command Injection | VIGI NVR1104H-4P V1 < 1.1.5 Build 250518; VIGI NVR2016H-16MP V2 < 1.3.1 Build 250407 | 8.7 | High |

Mitigations

TP-Link has released firmware updates to address both vulnerabilities and strongly recommends immediate deployment of these patches. 

Users must upgrade VIGI NVR1104H-4P V1 systems to firmware version 1.1.5 Build 250518 and VIGI NVR2016H-16MP V2 devices to version 1.3.1 Build 250407.

The company emphasizes the importance of post-update configuration verification to ensure all security settings remain properly configured after the firmware upgrade process. 

Network administrators should download the latest firmware directly from TP-Link’s official support channels and implement additional network segmentation measures to limit potential attack surfaces.
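
As an added example (not TP-Link's code and not part of the original article), the following inventory audit flags VIGI NVRs that are still below the fixed firmware builds named above. The firmware string format (`<major>.<minor>.<patch> Build <yymmdd>`), the inventory layout, and the sample hosts are assumptions constructed for illustration.

```python
import re

# Fixed firmware per (model, hardware version), taken from the advisory text above.
FIXED = {
    ("VIGI NVR1104H-4P", "V1"): (1, 1, 5, 250518),
    ("VIGI NVR2016H-16MP", "V2"): (1, 3, 1, 250407),
}

# Assumed firmware string format: "<major>.<minor>.<patch> Build <yymmdd>".
FW_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s+Build\s+(\d{6})\b", re.IGNORECASE)


def parse_firmware(text):
    """Return (major, minor, patch, build), or None if the string does not match."""
    m = FW_RE.match(text)
    return tuple(int(g) for g in m.groups()) if m else None


def assess(model, hw_version, firmware):
    """Classify one device as 'vulnerable', 'patched', 'not-listed' or 'unknown'."""
    fixed = FIXED.get((model.strip(), hw_version.strip().upper()))
    if fixed is None:
        return "not-listed"  # model/hardware revision is not named in the advisory
    parsed = parse_firmware(firmware)
    if parsed is None:
        return "unknown"     # unparseable version: verify by hand, never assume patched
    # Tuple comparison orders by version first, then by build date.
    return "vulnerable" if parsed < fixed else "patched"


def audit(inventory):
    """Return {host: status} for every row of the inventory."""
    return {r["host"]: assess(r["model"], r["hw"], r["fw"]) for r in inventory}


# Constructed sample inventory; hosts and firmware strings are made up.
SAMPLE = [
    {"host": "nvr-lobby", "model": "VIGI NVR1104H-4P", "hw": "V1", "fw": "1.1.4 Build 240912"},
    {"host": "nvr-warehouse", "model": "VIGI NVR1104H-4P", "hw": "v1", "fw": "1.1.5 Build 250518"},
    {"host": "nvr-campus", "model": "VIGI NVR2016H-16MP", "hw": "V2", "fw": "1.3.0 Build 241120"},
    {"host": "nvr-lab", "model": "VIGI NVR2016H-16MP", "hw": "V2", "fw": "n/a"},
    {"host": "nvr-annex", "model": "EXAMPLE-NVR", "hw": "V1", "fw": "2.0.0 Build 250101"},
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:15} {status}")
```

Devices reported as `unknown` or `vulnerable` are the ones to prioritize for the firmware upgrade and for segmentation away from untrusted network segments.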
