What is the severity of CVE-2025-29651?

CVE-2025-29651 has been rated as high severity due to its potential exploitation by unauthenticated attackers.

How do I fix CVE-2025-29651?

To fix CVE-2025-29651, update the firmware of the TP-Link M7650 to the latest version provided by the manufacturer.

Who is affected by CVE-2025-29651?

Users of the TP-Link M7650 4G LTE Mobile Wi-Fi Router running firmware version 1.0.7 Build 170623 Rel.1022n are affected by CVE-2025-29651.

What can attackers do with CVE-2025-29651?

Attackers can exploit CVE-2025-29651 to execute arbitrary SQL commands, compromising the database and potentially gaining unauthorized access.

Is there any workaround for CVE-2025-29651?

While updating the firmware is the best solution, temporarily changing the router's user credentials can help mitigate risks until a patch is applied.

Vulnerability/
CVE-2025-29651

critical

9.8

CWE

16/4/2025

24/4/2025

CVE-2025-29651: SQL Injection

First published: Wed Apr 16 2025(Updated: )

SQL Injection vulnerability exists in the TP-Link M7650 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 170623 Rel.1022n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
TP-Link M7650 4G LTE Mobile Wi-Fi Router
All of
Tp-link M7650 Firmware	=1.0.7-build_170623_rel.1022n
Tp-link M7650 Firmware

Never miss a vulnerability like this again

Reference Links

https://github.com/TheVeteran1/Vulnerability-Research/blob/main/CVE-2025-29651

Frequently Asked Questions

What is the severity of CVE-2025-29651?
CVE-2025-29651 has been rated as high severity due to its potential exploitation by unauthenticated attackers.
How do I fix CVE-2025-29651?
To fix CVE-2025-29651, update the firmware of the TP-Link M7650 to the latest version provided by the manufacturer.
Who is affected by CVE-2025-29651?
Users of the TP-Link M7650 4G LTE Mobile Wi-Fi Router running firmware version 1.0.7 Build 170623 Rel.1022n are affected by CVE-2025-29651.
What can attackers do with CVE-2025-29651?
Attackers can exploit CVE-2025-29651 to execute arbitrary SQL commands, compromising the database and potentially gaining unauthorized access.
Is there any workaround for CVE-2025-29651?
While updating the firmware is the best solution, temporarily changing the router's user credentials can help mitigate risks until a patch is applied.

agent/references
agent/type
agent/first-publish-date
agent/source
agent/author
agent/severity
agent/event
collector/mitre-cve
source/MITRE
agent/weakness
agent/description
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/last-modified-date
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
vendor/tp-link
canonical/tp-link m7650 4g lte mobile wi-fi router
canonical/tp-link m7650 firmware
version/tp-link m7650 firmware/1.0.7-build_170623_rel.1022n

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.