DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
References

No reference.

History

Mon, 16 Jun 2025 22:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
CPEs cpe:2.3:h:tp-link:eap120:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:eap120_firmware:1.0:*:*:*:*:*:*:*
Vendors & Products Tp-link
Tp-link eap120
Tp-link eap120 Firmware
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}


Mon, 16 Jun 2025 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 16 Jun 2025 22:00:00 +0000

Type Values Removed Values Added
Description SQL Injection vulnerability exists in the TP-Link EAP120 router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the login fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing. DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Thu, 24 Apr 2025 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link eap120
Tp-link eap120 Firmware
CPEs cpe:2.3:h:tp-link:eap120:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:eap120_firmware:1.0:*:*:*:*:*:*:*
Vendors & Products Tp-link
Tp-link eap120
Tp-link eap120 Firmware

Wed, 23 Apr 2025 23:45:00 +0000

Type Values Removed Values Added
Description SQL Injection vulnerability exists in the TP-Link EAP120 router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the login fields. SQL Injection vulnerability exists in the TP-Link EAP120 router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the login fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing.

Wed, 16 Apr 2025 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 16 Apr 2025 19:45:00 +0000

Type Values Removed Values Added
Description SQL Injection vulnerability exists in the TP-Link EAP120 router s login dashboard (version 1.0), allowing an unauthenticated attacker to inject malicious SQL statements via the login fields.
References

cve-icon MITRE

Status: REJECTED

Assigner: mitre

Published: 2025-04-16T00:00:00.000Z

Updated: 2025-06-16T21:56:36.141Z

Reserved: 2025-03-11T00:00:00.000Z

Link: CVE-2025-29648

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2025-04-16T20:15:17.460

Modified: 2025-06-16T22:15:44.517

Link: CVE-2025-29648

cve-icon Redhat

No data.