Which versions of Brute Force are affected by CVE-2026-41038?

Quantum Networks router QN-I-470 version 6.1.B1 contains weak password policy enforcement that allows adjacent network attackers to brute-force administrative credentials, creating a critical insider…

Brute Force CVE-2026-41038

Q: What is the CVSS score of CVE-2026-41038?

CVE-2026-41038 has a CVSS 4.0 base score of 7.6 (High). CVSS vector: CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-24083 HIGH

Weak Password Requirements (CWE-521)

2026-04-21 CERT-In

GHSA-mqx2-c63m-7p93

Authentication Bypass Brute Force

7.6

CVSS 4.0

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 21, 2026 - 16:22 vuln.today

cvss_changed

Analysis Generated

Apr 21, 2026 - 13:33 vuln.today

CVSS changed

Apr 21, 2026 - 11:22 NVD

7.6 (HIGH)

EUVD ID Assigned

Apr 21, 2026 - 11:00 euvd

EUVD-2026-24083

Analysis Generated

Apr 21, 2026 - 11:00 vuln.today

CVE Published

Apr 21, 2026 - 10:22 nvd

HIGH 7.6

DescriptionNVD

This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing password guessing or brute-force attacks against user accounts, leading to unauthorized access to the targeted device.

AnalysisAI

Weak password policy enforcement in Quantum Networks router QN-I-470 version 6.1.1.B1 enables adjacent network attackers to gain unauthorized administrative access through password brute-force attacks. CVSS 7.6 reflects adjacent network requirement (AV:A) and high complexity (AC:H), limiting exploitation to attackers already on the local network segment. …

RemediationAI

Within 24 hours: Inventory all Quantum Networks QN-I-470 devices running version 6.1.1.B1 and isolate affected units to management-only network segments with strict access controls. Within 7 days: Implement mandatory password policy changes on affected devices (enforce minimum 16-character alphanumeric passwords with special characters, disable default credentials, enforce account lockout after 3 failed attempts), force administrative password resets across all accounts, and enable administrative access logging. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-41038 vulnerability details – vuln.today

Back

Brute Force CVE-2026-41038

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Brute Force CVE-2026-41038

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code