InfoSecBulletin Cybersecurity for mankind
Several vulnerabilities have been found in TP-Link routers, exposing users to serious security risks from SQL injection flaws in their web management interfaces.
Security researcher “The Veteran” found vulnerabilities that let remote attackers bypass authentication and gain unauthorized control of devices without valid credentials.
CVSS 10.0 Flaw
Critical flaw in Siemens OZW Web Servers Enable Unauthenticated RCE
Microsoft Patch Tuesday May 2025: 72 flaws, 5 Actively Exploited Zero-Day
OTP glitch disrupted NID services across the country
Google to pay Texas $1.4 billion for location tracking practices
YouTube geo-blocks at least 4 Bangladeshi TV channels in India
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
TP-Link Router Vulnerabilities:
CVE-2025-29648: TP-Link EAP120 SQL Injection Vulnerability:
This vulnerability impacts the TP-Link EAP120 router (version 1.0) as its login dashboard does not adequately sanitize user input in the authentication fields.
An unauthenticated attacker can inject harmful SQL statements into these fields. This could let the attacker bypass authentication and gain administrative access to the device.
CVE-2025-29649: TP-Link TL-WR840N SQL Injection Vulnerability:
The TP-Link TL-WR840N router (version 1.0) has a SQL injection vulnerability. The login page allows unsanitized input in the username and password fields, enabling attackers to inject SQL code. This can allow unauthorized access to the router’s admin interface without valid credentials.
CVE-2025-29650: TP-Link M7200 4G LTE Mobile Wi-Fi Router SQL Injection Vulnerability:
The vulnerability affects the TP-Link M7200 4G LTE Mobile Wi-Fi Router with firmware version 1.0.7 Build 180127 Rel.55998n. The login interface fails to sanitize input in the username and password fields, enabling an attacker to inject harmful SQL statements. This could lead to unauthorized access to the router’s management console.
CVE-2025-29653: TP-Link M7450 4G LTE Mobile Wi-Fi Router SQL Injection Vulnerability:
The TP-Link M7450 4G LTE Mobile Wi-Fi Router, firmware version 1.0.2 Build 170306 Rel.1015n, is susceptible to SQL injection on its login page. An unauthenticated attacker can exploit this vulnerability to execute SQL commands, risking full control over the device’s admin functions.
TP-Link is aware of these vulnerabilities, but no security patches have been released yet.
SSL.com’s domain validation system’s bug found: Hacker exploited
