TP-Link has issued a security advisory warning users of two critical operating system command injection vulnerabilities affecting its VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2 network video recorder (NVR) devices. The flaws, CVE-2025-7723 and CVE-2025-7724, carry CVSS scores of 8.5 and 8.7, respectively, and could allow attackers to execute arbitrary commands on the underlying system.
"Attackers may execute arbitrary commands on the device's underlying operating system," TP-Link stated in its advisory.
These vulnerabilities affect the following firmware versions:
- VIGI NVR1104H-4P V1: firmware versions prior to 1.1.5 Build 250518
- VIGI NVR2016H-16MP V2: firmware versions prior to 1.3.1 Build 250407
CVE-2025-7723 represents a post-authentication command injection flaw. Attackers with valid credentials can leverage this vulnerability to run malicious OS-level commands. Although this requires authentication, it poses a serious risk in environments where credentials may be weak, shared, or already compromised.
CVE-2025-7724, on the other hand, is even more dangerous. It allows unauthenticated attackers to exploit the system without any login credentials. A successful exploit would give the attacker command-line access to the underlying OS, potentially leading to complete device takeover, surveillance tampering, or lateral movement across networks.
TP-Link has released patched firmware versions for both affected NVR models. Users are strongly urged to upgrade their devices to the following firmware builds:
- VIGI NVR1104H-4P V1: 1.1.5 Build 250518
- VIGI NVR2016H-16MP V2: 1.3.1 Build 250407