TP-Link

Two high-severity vulnerabilities in TP-Link VIGI network video recorder (NVR) systems could allow attackers to execute arbitrary commands on affected devices. The flaws, identified as CVE-2025-7723 and CVE-2025-7724, impact the VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2 models and pose significant risks to the security of surveillance infrastructure. Exploiting them could enable malicious actors to compromise surveillance footage, alter device settings, or use the NVRs as footholds for further attacks within an organization’s network. One flaw requires the attacker to be logged in; the other can be exploited without credentials, which poses a high risk.

Source: https://cybersecuritynews.com/tp-link-network-video-recorder-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/tp-link-corporation

"id": "tp-335072525",
"linkid": "tp-link-corporation",
"type": "Vulnerability",
"date": "7/2025",
"severity": "25",
"impact": "",
"explanation": "Attack without any consequences: Attack in which data is not compromised"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'TP-Link',
                        'type': 'Manufacturer'}],
 'attack_vector': ['Authenticated Command Injection',
                   'Unauthenticated Command Injection'],
 'description': 'Two high-severity vulnerabilities in TP-Link VIGI network '
                'video recorder (NVR) systems could allow attackers to execute '
                'arbitrary commands on affected devices.',
 'impact': {'systems_affected': ['VIGI NVR1104H-4P V1',
                                 'VIGI NVR2016H-16MP V2']},
 'recommendations': ['Update device firmware immediately',
                     'Post-update configuration verification'],
 'response': {'containment_measures': ['Firmware updates',
                                       'Network segmentation'],
              'network_segmentation': 'Implement additional network '
                                      'segmentation measures',
              'remediation_measures': ['Firmware updates']},
 'title': 'TP-Link VIGI NVR Command Injection Vulnerabilities',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': ['CVE-2025-7723', 'CVE-2025-7724']}