Theveteran1

**Name of the Vulnerable Software and Affected Versions** TP-Link EAP120 router version 1.0 **Description** A SQL Injection vulnerability exists in the TP-Link EAP120 router's login dashboard, allowing an unauthenticated attacker to inject malicious SQL statements via the login fields. Note that this issue is disputed because it can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing. **Recommendations** For version 1.0, consider disabling the login functionality until a patch is available to prevent exploitation of the SQL Injection vulnerability. Restrict access to the login dashboard to minimize the risk of exploitation. Avoid using the login fields in the affected dashboard until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TP-Link TL-WR840N router version 1.0 **Description** A SQL Injection vulnerability exists in the TP-Link TL-WR840N router's login dashboard, allowing an unauthenticated attacker to inject malicious SQL statements via the `username` and `password` fields. This issue is disputed because it can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing. **Recommendations** For version 1.0, consider disabling the login dashboard functionality until a patch is available. Restrict access to the login dashboard to minimize the risk of exploitation. Avoid using the `username` and `password` fields in the login dashboard until the issue is resolved.