SQL Injection vulnerability exists in the TP-Link TL-WR840N router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Tp-link
  • Tl-wr840n
  • Tl-wr840n Firmware

No data.

No data.

No data.

References

No reference.

History

Mon, 16 Jun 2025 22:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
CPEs cpe:2.3:h:tp-link:tl-wr840n:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:tl-wr840n_firmware:1.0:*:*:*:*:*:*:*
Vendors & Products Tp-link
Tp-link tl-wr840n
Tp-link tl-wr840n Firmware
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Mon, 16 Jun 2025 22:15:00 +0000

Type Values Removed Values Added
Description SQL Injection vulnerability exists in the TP-Link TL-WR840N router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing. DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 24 Apr 2025 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link tl-wr840n
Tp-link tl-wr840n Firmware
CPEs cpe:2.3:h:tp-link:tl-wr840n:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:tl-wr840n_firmware:1.0:*:*:*:*:*:*:*
Vendors & Products Tp-link
Tp-link tl-wr840n
Tp-link tl-wr840n Firmware

Wed, 23 Apr 2025 23:45:00 +0000

Type Values Removed Values Added
Description SQL Injection vulnerability exists in the TP-Link TL-WR840N router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. SQL Injection vulnerability exists in the TP-Link TL-WR840N router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing.

Wed, 16 Apr 2025 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 16 Apr 2025 19:45:00 +0000

Type Values Removed Values Added
Description SQL Injection vulnerability exists in the TP-Link TL-WR840N router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields.
References
cve-icon MITRE

Status: REJECTED

Assigner: mitre

Published:

Updated: 2025-06-16T21:57:22.830Z

Reserved: 2025-03-11T00:00:00.000Z

Link: CVE-2025-29649

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2025-04-16T20:15:17.563

Modified: 2025-06-16T22:15:55.553

Link: CVE-2025-29649

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.