CVE Details
Basic Information
| Title | Authenticated command injection on VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2 |
|---|---|
| Type | cve |
| Published | 2025-07-22T20:42:56.916Z |
| Modified | 2025-07-22T20:42:56.916Z |
Product Information
| Vendor | TP-Link Systems Inc. |
|---|---|
| Product | VIGI NVR1104H-4P V1 |
| Version | 0 |
CVSS Information
| Base Score | 8.5 (HIGH) |
|---|---|
| Attack Vector | CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
AI Analysis
| AI Description | A command injection vulnerability in TP-Link’s VIGI NVR devices allows authenticated attackers to execute arbitrary commands, potentially leading to system compromise. This affects VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2 devices before specific firmware versions. |
|---|---|
| AI Severity | High |
| AI Vendor | TP-Link Systems Inc. |
| AI Product | VIGI NVR1104H-4P V1, VIGI NVR2016H-16MP V2 |
| AI Version | before 1.1.5 Build 250518, before 1.3.1 Build 250407 |
Affected Products
- TP-Link Systems Inc. VIGI NVR1104H-4P V1 0
- TP-Link Systems Inc. VIGI NVR2016H-16MP V2 0
Additional Information
| CWE List | CWE-78 |
|---|---|
| Source | TPLink |
Description
A command injection vulnerability exists that can be exploited after authentication in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2. This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build 250518; VIGI NVR2016H-16MP V2: before 1.3.1 Build 250407.