EUVD-2025-17410CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
4Tags
Description
The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Analysis
Quantenna Wi-Fi chipsets ship with an unauthenticated telnet interface enabled by default, allowing remote attackers to gain full administrative access without credentials. This affects Quantenna Wi-Fi chipset SDK through version 8.0.0.28, and while no official patch has been released at the time of CVE publication, the vendor has provided a best practices guide for implementors. The vulnerability enables both complete confidentiality and integrity compromise of affected devices.
Technical Context
The vulnerability stems from CWE-306 (Missing Authentication for Critical Function), where the Quantenna Wi-Fi chipset exposes a telnet service on the default management interface without requiring any authentication mechanism. Telnet is an unencrypted remote access protocol that transmits credentials and commands in plaintext over the network. The affected technology is the Quantenna Wi-Fi chipset SDK (version ≤8.0.0.28), which is embedded in various Wi-Fi access points, routers, and networking devices. This represents a classic case of insecure-by-default configuration where device manufacturers failed to implement proper access controls on critical administrative interfaces. The issue is particularly severe because telnet is network-accessible (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) and no user interaction (UI:N).
Affected Products
Quantenna Wi-Fi Chipset SDK versions through 8.0.0.28. This affects all end-user products incorporating Quantenna Wi-Fi chipsets, including: (1) Consumer Wi-Fi routers and access points from multiple vendors using Quantenna silicon; (2) Enterprise/ISP-grade Wi-Fi equipment; (3) IoT devices with Quantenna Wi-Fi modules. Specific CPE representation: cpe:2.3:h:quantenna:wi-fi_chipset:*:*:*:*:*:*:*:* (versions ≤8.0.0.28). Note that the vulnerability affects the chipset SDK itself; downstream vendors packaging this chipset in their products (routers, APs, gateways) are transitively affected. Vendor advisory: Quantenna has released a best practices implementation guide but has NOT released a security patch as of the CVE publication date.
Remediation
Immediate mitigation options: (1) Disable telnet service on affected devices through administrative interfaces if available; (2) Implement network-level segmentation to restrict telnet access (port 23) to management interfaces, blocking direct Internet access; (3) Deploy firewall rules to deny inbound telnet connections from untrusted networks; (4) Monitor network traffic for telnet connections to Wi-Fi infrastructure devices. Official patches: Quantenna has not released a security patch; vendors must await patched SDK versions. Contact your device manufacturer (router/AP vendor) to determine if they have released firmware updates addressing this vulnerability through Quantenna patches. The 'best practices guide' referenced should be reviewed to understand hardening recommendations, though this does not constitute a complete fix. Long-term: Upgrade to devices using patched Quantenna SDK versions (>8.0.0.28) once available, or replace with alternative Wi-Fi chipsets from vendors prioritizing secure-by-default configurations.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today