CVE-2025-29653 - Vulnerability Details

SQL Injection vulnerability exists in the TP-Link M7450 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.2 Build 170306 Rel.1015n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Tp-link	M7450 M7450 Firmware

No data.

References

No reference.

History

Mon, 16 Jun 2025 22:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-89
CPEs	cpe:2.3:h:tp-link:m7450:-:::::::* cpe:2.3:o:tp-link:m7450_firmware:1.0.2:build_170306_rel.1015n::::::
Vendors & Products	Tp-link Tp-link m7450 Tp-link m7450 Firmware
References	https://github.com/TheVeteran1/Vulnerability-Research/blob/main/CVE-2025-29653
Metrics	cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Mon, 16 Jun 2025 22:15:00 +0000

Type	Values Removed	Values Added
Description	SQL Injection vulnerability exists in the TP-Link M7450 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.2 Build 170306 Rel.1015n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields.	DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Metrics	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 24 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Tp-link Tp-link m7450 Tp-link m7450 Firmware
CPEs		cpe:2.3:h:tp-link:m7450:-:::::::* cpe:2.3:o:tp-link:m7450_firmware:1.0.2:build_170306_rel.1015n::::::
Vendors & Products		Tp-link Tp-link m7450 Tp-link m7450 Firmware

Thu, 17 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-89
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 16 Apr 2025 20:15:00 +0000

Type	Values Removed	Values Added
Description		SQL Injection vulnerability exists in the TP-Link M7450 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.2 Build 170306 Rel.1015n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields.
References		https://github.com/TheVeteran1/Vulnerability-Research/blob/main/CVE-2025-29653

MITRE

Status: REJECTED

Assigner: mitre

Published: 2025-04-16T00:00:00.000Z

Updated: 2025-06-16T22:00:18.988Z

Reserved: 2025-03-11T00:00:00.000Z

Link: CVE-2025-29653

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2025-04-16T20:15:17.963

Modified: 2025-06-16T22:16:31.940

Link: CVE-2025-29653

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object