DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

No data.

No data.

No data.

References

No reference.

History

Mon, 16 Jun 2025 22:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
CPEs cpe:2.3:h:tp-link:m7650:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:m7650_firmware:1.0.7:build_170623_rel.1022n:*:*:*:*:*:*
Vendors & Products Tp-link
Tp-link m7650
Tp-link m7650 Firmware
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Mon, 16 Jun 2025 22:15:00 +0000

Type Values Removed Values Added
Description SQL Injection vulnerability exists in the TP-Link M7650 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 170623 Rel.1022n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing. DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 24 Apr 2025 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link m7650
Tp-link m7650 Firmware
CPEs cpe:2.3:h:tp-link:m7650:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:m7650_firmware:1.0.7:build_170623_rel.1022n:*:*:*:*:*:*
Vendors & Products Tp-link
Tp-link m7650
Tp-link m7650 Firmware

Wed, 23 Apr 2025 23:45:00 +0000

Type Values Removed Values Added
Description SQL Injection vulnerability exists in the TP-Link M7650 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 170623 Rel.1022n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. SQL Injection vulnerability exists in the TP-Link M7650 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 170623 Rel.1022n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing.

Thu, 17 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 16 Apr 2025 20:15:00 +0000

Type Values Removed Values Added
Description SQL Injection vulnerability exists in the TP-Link M7650 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 170623 Rel.1022n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields.
References
cve-icon MITRE

Status: REJECTED

Assigner: mitre

Published: 2025-04-16T00:00:00.000Z

Updated: 2025-06-16T21:58:35.278Z

Reserved: 2025-03-11T00:00:00.000Z

Link: CVE-2025-29651

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2025-04-16T20:15:17.760

Modified: 2025-06-16T22:16:13.750

Link: CVE-2025-29651

cve-icon Redhat

No data.