PT-2025-16881 · Tp Link · Tp-Link Tl-Wr840N

Theveteran1 · Published 2025-04-10 · Updated 2025-04-24 · CVE-2025-29649

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

TP-Link TL-WR840N router version 1.0

Description

A SQL Injection vulnerability exists in the TP-Link TL-WR840N router's login dashboard, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. This issue is disputed because it can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing.

Recommendations

For version 1.0, consider disabling the login dashboard functionality until a patch is available. Restrict access to the login dashboard to minimize the risk of exploitation. Avoid using the username and password fields in the login dashboard until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2025-05221
CVE-2025-29649

Affected Products

Tp-Link Tl-Wr840N