DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

No data.

No data.

No data.

References

No reference.

History

Mon, 16 Jun 2025 22:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
CPEs cpe:2.3:h:tp-link:eap120:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:eap120_firmware:1.0:*:*:*:*:*:*:*
Vendors & Products Tp-link
Tp-link eap120
Tp-link eap120 Firmware
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Mon, 16 Jun 2025 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 16 Jun 2025 22:00:00 +0000

Type Values Removed Values Added
Description SQL Injection vulnerability exists in the TP-Link EAP120 router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the login fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing. DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Thu, 24 Apr 2025 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link eap120
Tp-link eap120 Firmware
CPEs cpe:2.3:h:tp-link:eap120:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:eap120_firmware:1.0:*:*:*:*:*:*:*
Vendors & Products Tp-link
Tp-link eap120
Tp-link eap120 Firmware

Wed, 23 Apr 2025 23:45:00 +0000

Type Values Removed Values Added
Description SQL Injection vulnerability exists in the TP-Link EAP120 router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the login fields. SQL Injection vulnerability exists in the TP-Link EAP120 router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the login fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing.

Wed, 16 Apr 2025 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 16 Apr 2025 19:45:00 +0000

Type Values Removed Values Added
Description SQL Injection vulnerability exists in the TP-Link EAP120 router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the login fields.
References
cve-icon MITRE

Status: REJECTED

Assigner: mitre

Published: 2025-04-16T00:00:00.000Z

Updated: 2025-06-16T21:56:36.141Z

Reserved: 2025-03-11T00:00:00.000Z

Link: CVE-2025-29648

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2025-04-16T20:15:17.460

Modified: 2025-06-16T22:15:44.517

Link: CVE-2025-29648

cve-icon Redhat

No data.