Cybersecurity researchers have uncovered critical SQL injection vulnerabilities in four TP-Link router models, enabling attackers to execute malicious commands, bypass authentication, and potentially hijack devices.
The flaws, discovered by researcher The Veteran between February and March 2025, highlight ongoing security risks in widely used networking hardware.
The vulnerabilities impact both enterprise and consumer routers, including mobile Wi-Fi hotspots. Below is a summary of the flaws:
| CVE ID | Affected Product | Firmware Version | Discovery Date |
|---|---|---|---|
| CVE-2025-29648 | TP-Link EAP120 Router | 1.0 | February 2025 |
| CVE-2025-29649 | TP-Link TL-WR840N Router | 1.0 | February 2025 |
| CVE-2025-29650 | TP-Link M7200 4G LTE Mobile Router | 1.0.7 | March 2025 |
| CVE-2025-29653 | TP-Link M7450 4G LTE Mobile Router | 1.0.2 | March 2025 |
All four vulnerabilities stem from unsanitized user input in login dashboards. Attackers can inject malicious SQL statements into username or password fields, exploiting poorly configured authentication mechanisms. Successful exploitation allows:
The Veteran noted, “These flaws are alarmingly straightforward to exploit. Attackers could compromise routers in minutes, turning them into entry points for larger network breaches.”
Compromised routers could enable:
TP-Link has not yet released patches for the affected models as of April 2025. Users of the EAP120, TL-WR840N, M7200, and M7450 are urged to monitor for firmware updates.
The Veteran reported the flaws through standard disclosure channels and published technical analyses on GitHub. “Vendors must adopt stricter input validation protocols,” they emphasized. “These vulnerabilities are preventable with basic security practices.”
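The flaw class described above, shown as an added example that is not taken from the researcher's analysis or from TP-Link firmware: a login check that pastes form input into the SQL text, beside one that uses bound parameters and verifies the password outside the query. The table schema, function names, credentials and test input are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 100_000  # illustrative work factor

def make_db():
    """Constructed in-memory user table (hypothetical schema, not the routers')."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw TEXT, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", b"s3cret-admin", salt, PBKDF2_ROUNDS)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               ("admin", "s3cret-admin", salt, pw_hash))
    return db

def login_vulnerable(db, user, password):
    # Input becomes part of the SQL text, so a quote character in either
    # field can change the structure of the WHERE clause.
    query = ("SELECT name FROM users WHERE name = '" + user +
             "' AND pw = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_hardened(db, user, password):
    # Basic input validation: reject empty or oversized fields early.
    if not (0 < len(user) <= 64 and 0 < len(password) <= 128):
        return False
    # Bound parameter: the driver passes the value as data, never as SQL.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (user,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    # Constant-time comparison of the salted hashes, done outside the database.
    return hmac.compare_digest(candidate, stored)

# Constructed regression input: a textbook tautology in the password field.
CRAFTED = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable accepts crafted input:", login_vulnerable(db, "admin", CRAFTED))
    print("hardened accepts crafted input:  ", login_hardened(db, "admin", CRAFTED))
    print("hardened accepts real password:  ", login_hardened(db, "admin", "s3cret-admin"))
```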
As IoT devices proliferate, robust security measures are non-negotiable. TP-Link users should treat these vulnerabilities with urgency and apply patches immediately upon release.