CVE-2025-29650

Name of the Vulnerable Software and Affected Versions TP-Link M7200 4G LTE Mobile Wi-Fi Router version 1.0.7 Build 180127 Rel.55998n

Description A SQL Injection issue exists, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. This issue is disputed as it can only be reproduced on a supplier-provided emulator where access control is intentionally absent for ease of functional testing.

Recommendations For TP-Link M7200 4G LTE Mobile Wi-Fi Router version 1.0.7 Build 180127 Rel.55998n, consider disabling access to the login functionality that utilizes the username and password fields until a patch is available. Restrict access to the emulator to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.