- Description
- SQL Injection vulnerability exists in the TP-Link TL-WR840N router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- CNA Tags
- disputed
CVSS 3.1
- Type
- Secondary
- Base score
- 7.3
- Impact score
- 3.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-89
- Hype score
- Not currently trending
🔴 TP-Link TL-WR840N, SQL Injection, #CVE-2025-29649 (Critical) https://t.co/iEZ4w7uw4w
@dailycve
24 Apr 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-29649 SQL Injection vulnerability exists in the TP-Link TL-WR840N router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL state… https://t.co/39dMpjghKO
@CVEnew
20 Apr 2025
519 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-29649 🔴 HIGH (7.3) 🏢 Unknown Vendor - Unknown Product 🏗️ Unknown Version 🔗 https://t.co/rMqqmv7ed4 #CyberCron #VulnAlert #InfoSec https://t.co/zK1NKQYQWV
@cybercronai
17 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:tp-link:tl-wr840n_firmware:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F2E1762-B468-46CA-A3E9-44B4A21EC437"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:tp-link:tl-wr840n:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "AF3078F3-4CD5-4157-9A2D-7E338B6C7058"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]