SQL Injection Vulnerability in TP-Link M7650 4G LTE Mobile Wi-Fi Router
CVE-2025-29651

9.8CRITICAL

Key Information:

Vendor: TP-Link
Status: M7650 4G LTE Mobile Wi-Fi Router
Vendor: CVE Published:; 16 April 2025

Summary

A vulnerability exists in the TP-Link M7650 4G LTE Mobile Wi-Fi Router that allows an unauthenticated attacker to exploit the device by injecting malicious SQL statements into the username and password input fields. This can lead to unauthorized access and manipulation of the router's database, potentially compromising sensitive user information and device functionality.

References

https://github.com/TheVeteran1/Vulnerability-Research/blo...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2025