CVE-2025-7724 in VIGI NVR1104H-4P V1

Summary

by MITRE • 07/23/2025

An unauthenticated OS command injection vulnerability exists in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2. This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build 250518; VIGI NVR2016H-16MP V2: before 1.3.1 Build 250407.


Analysis

by VulDB Data Team • 07/24/2025

This vulnerability represents a critical unauthenticated operating system command injection flaw in VIGI network video recorder devices, specifically affecting the NVR1104H-4P V1 and NVR2016H-16MP V2 models. The vulnerability stems from insufficient input validation and sanitization within the device's web interface, allowing remote attackers to execute arbitrary operating system commands without requiring authentication credentials. This fundamental security weakness creates a pathway for attackers to gain complete control over the affected devices, potentially enabling them to manipulate video feeds, access stored recordings, or use the devices as entry points for broader network infiltration. The vulnerability exists in the device's handling of user-supplied input parameters, particularly within the configuration and management interfaces that are exposed to external network access. Attackers can exploit this issue by crafting malicious payloads that are processed by the underlying operating system, bypassing all authentication mechanisms and authorization controls. The impact extends beyond simple command execution as it provides attackers with full administrative privileges over the affected NVR systems, enabling them to modify device configurations, disable security features, or even install malicious software.

The technical exploitation of this vulnerability aligns with CWE-77 and CWE-78 categories, specifically addressing command injection weaknesses in operating system command execution contexts. This vulnerability directly maps to attack techniques described in the MITRE ATT&CK framework under T1059.001 for command and scripting interpreter and T1021.001 for remote services. The affected devices operate on embedded operating systems that are typically less secure than enterprise-grade systems, making them particularly susceptible to such exploitation. The vulnerability affects firmware versions prior to 1.1.5 Build 250518 for NVR1104H-4P V1 and 1.3.1 Build 250407 for NVR2016H-16MP V2, indicating that these specific builds contain insufficient input validation controls that allow attackers to inject malicious commands through web-based interfaces. The nature of the flaw suggests that the device's web server processes user input directly without proper sanitization, creating an environment where attacker-controlled commands can be executed with the privileges of the web server process, which typically runs with elevated system permissions.

The operational impact of this vulnerability is severe and multifaceted, as it enables attackers to compromise entire video surveillance networks that rely on these devices. Organizations using affected VIGI NVR systems face potential exposure of sensitive surveillance data, including live video feeds, recorded footage, and system configuration details. The vulnerability can be exploited remotely from any location with internet access, making it particularly dangerous for organizations that deploy these devices in unsecured environments or without proper network segmentation. Attackers can leverage this vulnerability to establish persistent access points within network infrastructure, potentially using the compromised devices as staging areas for lateral movement attacks against other network components. The lack of authentication requirements means that attackers do not need to possess valid credentials or overcome access controls, making the exploitation process straightforward and accessible to threat actors with minimal technical expertise. This vulnerability also poses significant risks to privacy and security compliance, as surveillance systems often contain sensitive information that must be protected according to various regulatory frameworks including GDPR, HIPAA, and industry-specific security standards.

Mitigation strategies for this vulnerability must prioritize immediate firmware updates to the latest available versions that contain proper input validation and sanitization controls. Organizations should implement network segmentation to isolate affected devices from critical network segments and ensure that only authorized personnel have access to management interfaces. Network monitoring should be enhanced to detect unusual traffic patterns or command execution attempts that may indicate exploitation attempts. Security teams should conduct comprehensive vulnerability assessments to identify all instances of affected devices within their network infrastructure and establish automated patch management processes to prevent similar vulnerabilities from occurring in the future. Additional defensive measures include implementing web application firewalls to filter malicious input, disabling unnecessary network services, and regularly reviewing system logs for signs of unauthorized access attempts. The vulnerability highlights the importance of secure coding practices and proper input validation in embedded systems, particularly those handling user-supplied data in network-accessible interfaces. Organizations should also consider implementing intrusion detection systems specifically configured to identify exploitation attempts targeting command injection vulnerabilities in surveillance equipment and other network-connected devices.
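For the step of identifying every affected device, the following added example (not code from VulDB or the vendor) classifies asset-inventory records against the fixed firmware builds stated in the summary. The inventory rows and the `version Build YYMMDD` firmware string layout are constructed assumptions; adapt the parser to whatever your asset system exports.

```python
import re

# Fixed firmware per (model, hardware revision), taken from the summary above.
FIXED = {
    ("NVR1104H-4P", "V1"): "1.1.5 Build 250518",
    ("NVR2016H-16MP", "V2"): "1.3.1 Build 250407",
}

# Assumed layout: dotted version, the word "Build", a six-digit build number.
_FW_RE = re.compile(r"(\d+(?:\.\d+)*)\s*Build\s*(\d{6})\b", re.IGNORECASE)


def parse_firmware(text):
    """Return ((major, minor, ...), build) or None when the string is unparseable."""
    m = _FW_RE.search(text or "")
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2))


def assess(model, hw_rev, firmware):
    """Classify one record as 'vulnerable', 'fixed', 'unknown' or 'not-listed'."""
    key = (model.upper().replace("VIGI", "").strip(), hw_rev.upper().strip())
    fixed = FIXED.get(key)
    if fixed is None:
        return "not-listed"  # not named in this advisory; says nothing about other CVEs
    have = parse_firmware(firmware)
    if have is None:
        return "unknown"  # unreadable version: queue for manual review, do not assume patched
    # Tuple comparison orders by version first, then by build number.
    return "vulnerable" if have < parse_firmware(fixed) else "fixed"


# Constructed sample inventory: (model, hardware revision, reported firmware).
INVENTORY = [
    ("VIGI NVR1104H-4P", "V1", "1.1.4 Build 240912"),
    ("VIGI NVR1104H-4P", "V1", "1.1.5 Build 250518"),
    ("VIGI NVR2016H-16MP", "V2", "1.3.1 Build 250101"),
    ("VIGI NVR2016H-16MP", "V2", "n/a"),
    ("VIGI NVR1104H-4P", "V2", "1.0.0 Build 230101"),
]


def triage(inventory):
    """Return each record with its classification appended."""
    return [(m, h, f, assess(m, h, f)) for m, h, f in inventory]


if __name__ == "__main__":
    for model, hw, fw, status in triage(INVENTORY):
        print(f"{model} {hw:<3} {fw:<22} {status}")
```

Records classified `unknown` should be handled as unpatched until the firmware version is confirmed on the device.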

Responsible

TPLink

Reservation

07/16/2025

Disclosure

07/23/2025

Moderation

accepted

CPE

ready

EPSS

0.00894

KEV

no

Activities

very low
