PT-2025-16880 · Tp Link · Tp-Link Eap120

Theveteran1 · Published 2025-04-10 · Updated 2025-04-24 · CVE-2025-29648

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

TP-Link EAP120 router version 1.0

Description

A SQL Injection vulnerability exists in the TP-Link EAP120 router's login dashboard, allowing an unauthenticated attacker to inject malicious SQL statements via the login fields. Note that this issue is disputed because it can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing.

Recommendations

For version 1.0, consider disabling the login functionality until a patch is available to prevent exploitation of the SQL Injection vulnerability. Restrict access to the login dashboard to minimize the risk of exploitation. Avoid using the login fields in the affected dashboard until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2025-05220
CVE-2025-29648

Affected Products

Tp-Link Eap120