CVE-2025-29653

Name of the Vulnerable Software and Affected Versions TP-Link M7450 4G LTE Mobile Wi-Fi Router Firmware version 1.0.2 Build 170306 Rel.1015n

Description A SQL Injection vulnerability exists, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. This enables the attacker to potentially access or manipulate sensitive data.

Recommendations For TP-Link M7450 4G LTE Mobile Wi-Fi Router Firmware version 1.0.2 Build 170306 Rel.1015n, consider disabling the login functionality that uses the username and password fields until a patch is available. Restrict access to the router's administration interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.