CVE-2025-29651 - Tp-link M7650 Firmware

Critical 9.8

SQL Injection vulnerability exists in the TP-Link M7650 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 170623 Rel.1022n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing.

Affected software

Tp-link M7650 Firmware

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.