InfoSecBulletin Cybersecurity for mankind
Several vulnerabilities have been found in TP-Link routers, exposing users to serious security risks from SQL injection flaws in their web management interfaces.
Security researcher “The Veteran” found vulnerabilities that let remote attackers bypass authentication and gain unauthorized control of devices without valid credentials.
Citrix Released Emergency Patches for Actively Exploited CVE-2025-6543
SonicWall warns of a trojanized NetExtender stealing VPN logins
CVE-2025-36537
TeamViewer patched vuln allowing hacker SYSTEM Rights
Hacker Target 70+ Microsoft Exchange Servers to Steal Credentials with Keyloggers
WhatsApp banned on all US House of Representatives devices
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
TP-Link Router Vulnerabilities:
CVE-2025-29648: TP-Link EAP120 SQL Injection Vulnerability:
This vulnerability impacts the TP-Link EAP120 router (version 1.0) as its login dashboard does not adequately sanitize user input in the authentication fields.
An unauthenticated attacker can inject harmful SQL statements into these fields. This could let the attacker bypass authentication and gain administrative access to the device.
CVE-2025-29649: TP-Link TL-WR840N SQL Injection Vulnerability:
The TP-Link TL-WR840N router (version 1.0) has a SQL injection vulnerability. The login page allows unsanitized input in the username and password fields, enabling attackers to inject SQL code. This can allow unauthorized access to the router’s admin interface without valid credentials.
CVE-2025-29650: TP-Link M7200 4G LTE Mobile Wi-Fi Router SQL Injection Vulnerability:
The vulnerability affects the TP-Link M7200 4G LTE Mobile Wi-Fi Router with firmware version 1.0.7 Build 180127 Rel.55998n. The login interface fails to sanitize input in the username and password fields, enabling an attacker to inject harmful SQL statements. This could lead to unauthorized access to the router’s management console.
CVE-2025-29653: TP-Link M7450 4G LTE Mobile Wi-Fi Router SQL Injection Vulnerability:
The TP-Link M7450 4G LTE Mobile Wi-Fi Router, firmware version 1.0.2 Build 170306 Rel.1015n, is susceptible to SQL injection on its login page. An unauthenticated attacker can exploit this vulnerability to execute SQL commands, risking full control over the device’s admin functions.
TP-Link is aware of these vulnerabilities, but no security patches have been released yet.
SSL.com’s domain validation system’s bug found: Hacker exploited
