Multiple vulnerabilities have been identified in popular TP-Link routers that expose users to severe security risks due to SQL injection flaws in their web management interfaces.
These vulnerabilities, discovered by security researcher “The Veteran,” allow remote attackers to bypass authentication and gain unauthorized control of the devices without needing valid credentials.
This vulnerability affects the TP-Link EAP120 router (version 1.0). The login dashboard fails to properly sanitize user input in the authentication fields.
As a result, an unauthenticated attacker can inject malicious SQL statements through these fields.
Successful exploitation could allow the attacker to bypass authentication and potentially gain administrative access to the device.
The TP-Link TL-WR840N router (version 1.0) is susceptible to a similar SQL injection flaw.
The login dashboard accepts unsanitized input in the username and password fields, enabling an unauthenticated attacker to inject arbitrary SQL code.
This lets the attacker bypass login controls and access the router’s administrative interface without valid credentials.
This vulnerability affects the TP-Link M7200 4G LTE Mobile Wi-Fi Router running firmware version 1.0.7 Build 180127 Rel.55998n.
The device’s login interface does not properly sanitize input in the username and password fields, allowing an unauthenticated attacker to inject malicious SQL statements.
Exploitation could result in unauthorized access to the router’s management console.
The TP-Link M7450 4G LTE Mobile Wi-Fi Router, specifically firmware version 1.0.2 Build 170306 Rel.1015n, is vulnerable to SQL injection via the username and password fields on its login page.
An unauthenticated attacker can exploit this flaw to inject arbitrary SQL commands, potentially leading to full compromise of the device’s administrative functions.
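All four descriptions above come down to the same defect: login field values end up interpreted as SQL syntax. The following is an added example, not TP-Link firmware code and not taken from the researcher's report; the schema, function names and credentials are constructed for illustration. It places a concatenated login query beside a parameterized one using Python's sqlite3.

```python
import hashlib
import hmac
import sqlite3

def hash_pw(password):
    # Simplified for the example; a real credential store uses a salted, slow KDF.
    return hashlib.sha256(password.encode()).hexdigest()

def make_db():
    """In-memory credential table holding one constructed admin account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("admin", hash_pw("S3cure-constructed")))
    return db

def login_vulnerable(db, username, password):
    """Defect class described above: the field value is pasted into the SQL text."""
    query = ("SELECT 1 FROM users WHERE username = '" + username +
             "' AND pw_hash = '" + hash_pw(password) + "'")
    try:
        return db.execute(query).fetchone() is not None
    except sqlite3.Error:
        return False

def login_hardened(db, username, password):
    """Bound parameter: the field value is always data, never SQL syntax."""
    if not (0 < len(username) <= 64) or len(password) > 128:
        return False
    row = db.execute("SELECT pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    # Constant-time comparison of the stored and the computed hash.
    return hmac.compare_digest(row[0], hash_pw(password))

def demo():
    db = make_db()
    # Constructed input: the quote closes the string literal and the SQL
    # comment marker discards the password condition that follows it.
    crafted = "admin' --"
    return {
        "vulnerable_crafted": login_vulnerable(db, crafted, "wrong"),
        "hardened_crafted": login_hardened(db, crafted, "wrong"),
        "hardened_valid": login_hardened(db, "admin", "S3cure-constructed"),
    }

if __name__ == "__main__":
    print(demo())
```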
CVEs | Affected Products | Impact | Exploit Prerequisites | CVSS 3.1 Score |
CVE-2025-29648 | TP-Link EAP120 router (Version 1.0) | Authentication bypass; Unauthorized admin access; SQL database manipulation | Network access to web interface; Default/login page exposure | 9.8 (Critical) |
CVE-2025-29649 | TP-Link TL-WR840N router (Version 1.0) | Full device compromise; DNS hijacking; Traffic interception | Unpatched firmware; Web management interface enabled | 9.8 (Critical) |
CVE-2025-29650 | TP-Link M7200 4G LTE Mobile Wi-Fi Router (Firmware 1.0.7 Build 180127 Rel.55998n) | Credential theft; Network recon; Persistent backdoor installation | Remote access to login portal; Lack of input validation | 9.8 (Critical) |
CVE-2025-29653 | TP-Link M7450 4G LTE Mobile Wi-Fi Router (Firmware 1.0.2 Build 170306 Rel.1015n) | Complete control over 4G connection; IMSI/cellular data exposure | Cellular interface exposure; Default admin credentials unchanged | 9.8 (Critical) |
These vulnerabilities pose significant security risks to both home and business users. A successful attack could grant adversaries complete control over the affected routers, potentially allowing them to:
TP-Link has been notified of these vulnerabilities, but as of this publication, no security patches have been confirmed as being released.
Until official fixes become available, security experts recommend the following precautions:
Users of the affected devices should monitor TP-Link’s security advisories for upcoming patches and implement recommended security measures immediately.