SQL Injection Flaw in TP-Link M7200 4G LTE Mobile Wi-Fi Router
CVE-2025-29650

Currently unrated

Key Information:

Vendor: TP-Link
Status: M7200 4G LTE Mobile Wi-Fi Router
Vendor: CVE Published:; 16 April 2025

What is CVE-2025-29650?

An SQL injection vulnerability has been identified in the TP-Link M7200 4G LTE Mobile Wi-Fi Router, specifically in firmware version 1.0.7 Build 180127 Rel.55998n. This flaw permits unauthenticated attackers to manipulate SQL queries by injecting malicious SQL statements through the username and password field inputs, posing significant risks to user data and the router's overall security. Proper incident response and patching are essential to mitigate these risks.

References

https://github.com/TheVeteran1/Vulnerability-Research/blo...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2025