SQL Injection Vulnerability in TP-Link EAP120 Router
CVE-2025-29648

Currently unrated

Key Information:

Vendor: TP-Link
Status: EAP120 Router
Vendor: CVE Published:; 16 April 2025

Summary

An SQL Injection vulnerability exists in the login dashboard of the TP-Link EAP120 router (version 1.0). This flaw allows unauthenticated attackers to exploit the router's login fields, injecting harmful SQL statements. As a result, attackers may gain unauthorized access to critical data, jeopardizing the integrity and confidentiality of the router's settings and connected devices.

References

https://github.com/TheVeteran1/Vulnerability-Research/blo...

Timeline

Vulnerability published
Apr 16, 2025