CVE-2025-29648 - Tp-link Eap120 Firmware

Critical 7.3

SQL Injection vulnerability exists in the TP-Link EAP120 router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the login fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing.

Affected software

Tp-link Eap120 Firmware

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.