CyberSecurityBoard
Sponsor Register Login

TP-Link Network Video Recorder Vulnerability Let Attackers Execute Arbitrary Commands

Two high-severity vulnerabilities in TP-Link VIGI network video recorder (NVR) systems could allow attackers to execute arbitrary commands on affected devices. Specifically affected are VIGI NVR1104H-4P V1 devices running firmware versions prior to 1.1.5 Build 250518 and VIGI NVR2016H-16MP V2 systems with firmware versions before 1.3.1 Build 250407. Users must upgrade VIGI NVR1104H-4P V1 systems to firmware version 1.1.5 Build 250518 and VIGI NVR2016H-16MP V2 devices to version 1.3.1 Build 250407. CVE-2025-7723 is a high-severity operating system (OS) command injection vulnerability, which allows attackers with authenticated access to inject and execute arbitrary OS-level commands on the affected devices. The security flaws, identified as CVE-2025-7723 and CVE-2025-7724, impact the VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2 models, posing significant risks to surveillance infrastructure security. Two serious vulnerabilities let attackers run commands on TP-Link VIGI NVR devices. Successful exploitation can fully compromise the device’s confidentiality, integrity, and availability, allowing attackers to tamper with stored video data, disrupt operations, or launch further attacks within the local network. Network administrators should download the latest firmware directly from TP-Link’s official support channels and implement additional network segmentation measures to limit potential attack surfaces.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 24 Jul 2025 17:35:13 +0000


Cyber News related to TP-Link Network Video Recorder Vulnerability Let Attackers Execute Arbitrary Commands

15 Best Bandwidth Monitoring Tools in 2025 - By providing real-time data on network usage, bandwidth monitoring tools enable proactive management and quick resolution of issues that could impact network performance. It provides real-time monitoring of network performance, traffic analysis, and ...
9 hours ago Cybersecuritynews.com
WebRTC vs. RTSP: Understanding the IoT Video Streaming Protocols - At the moment, there is a constantly increasing number of smart video cameras collecting and streaming video throughout the world. Here's what you need to know about WebRTC vs. RTSP and their suitability for various streaming needs. The Basics of ...
1 year ago Feeds.dzone.com
TP-Link Network Video Recorder Vulnerability Let Attackers Execute Arbitrary Commands - Two high-severity vulnerabilities in TP-Link VIGI network video recorder (NVR) systems could allow attackers to execute arbitrary commands on affected devices. Specifically affected are VIGI NVR1104H-4P V1 devices running firmware versions prior to ...
1 day ago Cybersecuritynews.com CVE-2025-7723
5 Valuable Skills Kids Can Gain by Playing Video Games - Video games come in all shapes and sizes and can be very educational for children of all ages. Video games can provide children with valuable skills that can help them in their everyday lives. From problem-solving abilities to self-control, learning ...
2 years ago Welivesecurity.com
CVE-2021-2461 - Vulnerability in the Oracle Communications Interactive Session Recorder product of Oracle Communications (component: Provision API). The supported version that is affected is 6.4. Easily exploitable vulnerability allows unauthenticated attacker with ...
3 years ago
Network Protection: How to Secure a Network - Network security protects and monitors the links and the communications within the network using a combination of hardware, software, and enforced policies. Best practices for network security directly counter the major threats to the network with ...
1 year ago Esecurityplanet.com
CVE-2007-0018 - Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the ...
6 years ago
Why Use a VLAN? Unveiling the Benefits of Virtual LANs in Network Security - Virtual Local Area Networks, or VLANs, serve as a critical computing technology designed for effective network traffic management. How VLANs function within a network environment revolves around effectively managing and directing network traffic. ...
1 year ago Securityboulevard.com
CVE-2020-14574 - Vulnerability in the Oracle Communications Interactive Session Recorder product of Oracle Communications Applications (component: FACE). Supported versions that are affected are 6.1-6.4. Difficult to exploit vulnerability allows high privileged ...
5 years ago
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Top 19 Network Security Threats + Defenses for Each - Network security threats are technological risks that weaken the defenses of an enterprise network, endangering proprietary data, critical applications, and the entire IT infrastructure. There are seven major categories of network security issues ...
1 year ago Esecurityplanet.com
CVE-2021-27392 - A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Video Open Network Bridge (2019 R3), Siveillance ...
3 years ago
Correct bad network behavior to bolster application experience - Legacy hardware-based applications existed happily in isolation, untethered from a network. Today, even the software running from personal hard drives relies on other applications across the network to perform. Many modern apps run off a remote ...
1 year ago Helpnetsecurity.com
The Benefits of Video Conferencing with iMind: Exploring the Positive Impacts - Video conferencing with iMind is a great way to leverage the benefits of remote communication for employees and businesses alike. From increasing collaboration and flexibility to cost-savings and improved time management, the advantages of video ...
2 years ago Hackread.com
School Wi-Fi Security Guidelines - When choosing a strong Wi-Fi password for your school network, it is crucial to follow proper guidelines to ensure maximum security. School network security heavily relies on robust Wi-Fi encryption and effective wireless network protection measures. ...
1 year ago Securityzap.com
Jumpstart your studies for ENNA with Network Assurance Prep - It's no secret that today's networks span across a vast, decentralized web of services, where anything can-and will-happen to your data. When your network's not under your direct control, it's hard to see issues. Not knowing what's going on in and ...
1 year ago Feedpress.me
10 Best Network as a Service for MSSP Providers - Network as a Service for Managed Security Service Providers offers a revolutionary way to provide networking and security services to clients. Network security leaders such as Perimeter81 offer Managed Service Provider partners a powerful, scalable, ...
1 year ago Cybersecuritynews.com
Google Admits Editing of AI Viral Video for Enhanced Presentation - jA widely-viewed video showcasing the purported real-time interaction capabilities of Google's artificial intelligence model, Gemini, has been revealed to have been manipulated for demonstration purposes. The video, garnering 1.6 million views on ...
1 year ago Cysecurity.news
CVE-2024-43876 - In the Linux kernel, the following vulnerability has been resolved: ...
7 months ago
A Symphony of Network Success: Simplify, Secure, and Scale with Cisco SD-WAN Enhancements - Your network is like an orchestra, where each element assumes the role of a unique instrument-computers, devices, applications, security measures, remote connections. Cisco SD-WAN empowers both enterprise IT teams and managed service providers to ...
1 year ago Feedpress.me
CVE-2019-13382 - UploaderService in SnagIT 2019.1.2 allows elevation of privilege by placing an invalid presentation file in %PROGRAMDATA%\TechSmith\TechSmith Recorder\QueuedPresentations and then creating a symbolic link in %PROGRAMDATA%\Techsmith\TechSmith ...
4 years ago
YouTube warns of AI-generated video of its CEO used in phishing attacks - The description of the video linked in the phishing emails asked those who open it to click a link that brings them to a page (studio.youtube-plus[.]com) where they're asked to "confirm the updated YouTube Partner Program (YPP) terms ...
4 months ago Bleepingcomputer.com
CVE-2023-38523 - The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This ...
1 year ago
CVE-2021-47146 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago
CVE-2019-14760 - An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Recorder application. At a bare minimum, this allows an attacker ...
4 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)