The Veteran

**Name of the Vulnerable Software and Affected Versions** TP-Link M7200 4G LTE Mobile Wi-Fi Router version 1.0.7 Build 180127 Rel.55998n **Description** A SQL Injection issue exists, allowing an unauthenticated attacker to inject malicious SQL statements via the `username` and `password` fields. This issue is disputed as it can only be reproduced on a supplier-provided emulator where access control is intentionally absent for ease of functional testing. **Recommendations** For TP-Link M7200 4G LTE Mobile Wi-Fi Router version 1.0.7 Build 180127 Rel.55998n, consider disabling access to the login functionality that utilizes the `username` and `password` fields until a patch is available. Restrict access to the emulator to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link M7650 4G LTE Mobile Wi-Fi Router Firmware version 1.0.7 Build 170623 Rel.1022n **Description** A SQL Injection vulnerability exists in the TP-Link M7650 4G LTE Mobile Wi-Fi Router Firmware, allowing an unauthenticated attacker to inject malicious SQL statements via the `username` and `password` fields. Note that this issue is disputed as it can only be reproduced on a supplier-provided emulator where access control is intentionally absent for ease of functional testing. **Recommendations** As a temporary workaround, consider disabling the login functionality that uses the `username` and `password` fields until a patch is available. Restrict access to the router's web interface to minimize the risk of exploitation. Avoid using the `username` and `password` fields in the affected firmware version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link M7000 4G LTE Mobile Wi-Fi Router Firmware version 1.0.7 Build 180127 Rel.55998n **Description** A SQL Injection vulnerability exists in the TP-Link M7000 4G LTE Mobile Wi-Fi Router Firmware, allowing an unauthenticated attacker to inject malicious SQL statements via the `username` and `password` fields. Note that this issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing. **Recommendations** As a temporary workaround, consider disabling the login functionality until a patch is available. Restrict access to the router's web interface to minimize the risk of exploitation. Avoid using the `username` and `password` fields in the affected firmware version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TP-Link M7450 4G LTE Mobile Wi-Fi Router Firmware version 1.0.2 Build 170306 Rel.1015n **Description** A SQL Injection vulnerability exists, allowing an unauthenticated attacker to inject malicious SQL statements via the `username` and `password` fields. This enables the attacker to potentially access or manipulate sensitive data. **Recommendations** For TP-Link M7450 4G LTE Mobile Wi-Fi Router Firmware version 1.0.2 Build 170306 Rel.1015n, consider disabling the login functionality that uses the `username` and `password` fields until a patch is available. Restrict access to the router's administration interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.