Cybersecurity researchers have uncovered critical SQL injection vulnerabilities in four TP-Link router models, enabling attackers to execute malicious commands, bypass authentication, and potentially hijack devices.
The flaws, discovered by researcher The Veteran between February and March 2025, highlight ongoing security risks in widely used networking hardware.
The vulnerabilities impact both enterprise and consumer routers, including mobile Wi-Fi hotspots. Below is a summary of the flaws:
CVE ID | Affected Product | Firmware Version | Discovery Date |
CVE-2025-29648 | TP-Link EAP120 Router | 1.0 | February 2025 |
CVE-2025-29649 | TP-Link TL-WR840N Router | 1.0 | February 2025 |
CVE-2025-29650 | TP-Link M7200 4G LTE Mobile Router | 1.0.7 | March 2025 |
CVE-2025-29653 | TP-Link M7450 4G LTE Mobile Router | 1.0.2 | March 2025 |
Technical Overview
All four vulnerabilities stem from unsanitized user input in login dashboards. Attackers can inject malicious SQL statements into username or password fields, exploiting poorly configured authentication mechanisms. Successful exploitation allows:
- Authentication bypass to gain administrative access.
- Execution of arbitrary SQL commands to manipulate router databases.
- Potential lateral movement within connected networks.
The Veteran noted, “These flaws are alarmingly straightforward to exploit. Attackers could compromise routers in minutes, turning them into entry points for larger network breaches.”
Compromised routers could enable:
- Data interception (e.g., redirecting traffic to phishing sites).
- Malware distribution to connected devices.
- Network disruption via DNS hijacking or firmware tampering.
TP-Link has not yet released patches for the affected models as of April 2025. Users of the EAP120, TL-WR840N, M7200, and M7450 are urged to monitor for firmware updates.
- Isolate affected routers: Temporarily disconnect from critical networks.
- Enable auto-updates: Check TP-Link’s official portal for firmware releases.
- Use secondary authentication: Implement VPNs or multi-factor authentication (MFA) where possible.
- Monitor traffic: Look for unusual activity, such as unrecognized devices or configuration changes.
The Veteran reported the flaws through standard disclosure channels and published technical analyses on GitHub. “Vendors must adopt stricter input validation protocols,” they emphasized. “These vulnerabilities are preventable with basic security practices.”
As IoT devices proliferate, robust security measures are non-negotiable. TP-Link users should treat these vulnerabilities with urgency and apply patches immediately upon release.
Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!