CVE-2025-29650 - Tp-link M7200 Firmware

Moderate 6.3

SQL Injection vulnerability exists in the TP-Link M7200 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 180127 Rel.55998n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing.

Affected software

Tp-link M7200 Firmware

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.