SQL Injection Vulnerability in TP-Link M7000 4G LTE Mobile Wi-Fi Router
CVE-2025-29652

9.8CRITICAL

Key Information:

Vendor: TP-Link
Status: M7000 4G LTE Mobile Wi-Fi Router
Vendor: CVE Published:; 16 April 2025

Summary

An SQL Injection vulnerability has been identified in the TP-Link M7000 4G LTE Mobile Wi-Fi Router. This flaw allows an unauthenticated attacker to exploit the device by injecting malicious SQL statements through the username and password input fields. Successful exploitation may enable attackers to manipulate the database, potentially leading to unauthorized access and data exposure within the router's firmware, compromising the security of the connected network.

References

https://github.com/TheVeteran1/Vulnerability-Research/blo...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 16, 2025