DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
References

No reference.

History

Mon, 16 Jun 2025 22:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
CPEs cpe:2.3:h:tp-link:m7650:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:m7650_firmware:1.0.7:build_170623_rel.1022n:*:*:*:*:*:*
Vendors & Products Tp-link
Tp-link m7650
Tp-link m7650 Firmware
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Mon, 16 Jun 2025 22:15:00 +0000

Type Values Removed Values Added
Description SQL Injection vulnerability exists in the TP-Link M7650 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 170623 Rel.1022n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing. DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 24 Apr 2025 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Tp-link
Tp-link m7650
Tp-link m7650 Firmware
CPEs cpe:2.3:h:tp-link:m7650:-:*:*:*:*:*:*:*
cpe:2.3:o:tp-link:m7650_firmware:1.0.7:build_170623_rel.1022n:*:*:*:*:*:*
Vendors & Products Tp-link
Tp-link m7650
Tp-link m7650 Firmware

Wed, 23 Apr 2025 23:45:00 +0000

Type Values Removed Values Added
Description SQL Injection vulnerability exists in the TP-Link M7650 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 170623 Rel.1022n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. SQL Injection vulnerability exists in the TP-Link M7650 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 170623 Rel.1022n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where access control is intentionally absent for ease of functional testing.

Thu, 17 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 16 Apr 2025 20:15:00 +0000

Type Values Removed Values Added
Description SQL Injection vulnerability exists in the TP-Link M7650 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.7 Build 170623 Rel.1022n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields.
References

cve-icon MITRE

Status: REJECTED

Assigner: mitre

Published: 2025-04-16T00:00:00.000Z

Updated: 2025-06-16T21:58:35.278Z

Reserved: 2025-03-11T00:00:00.000Z

Link: CVE-2025-29651

cve-icon Vulnrichment

Updated:

cve-icon NVD

Status : Rejected

Published: 2025-04-16T20:15:17.760

Modified: 2025-06-16T22:16:13.750

Link: CVE-2025-29651

cve-icon Redhat

No data.