Skip to main content

Router Qn I 470 EUVDEUVD-2026-24077

| CVE-2026-41036 HIGH
OS Command Injection (CWE-78)
2026-04-21 CERT-In GHSA-7f6p-98mw-r63r
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

6
Re-analysis Queued
Apr 21, 2026 - 16:22 vuln.today
cvss_changed
Analysis Generated
Apr 21, 2026 - 10:27 vuln.today
CVSS changed
Apr 21, 2026 - 10:22 NVD
8.7 (HIGH)
EUVD ID Assigned
Apr 21, 2026 - 10:15 euvd
EUVD-2026-24077
Analysis Generated
Apr 21, 2026 - 10:15 vuln.today
CVE Published
Apr 21, 2026 - 10:07 nvd
HIGH 8.7

DescriptionCVE.org

This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device.

Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.

AnalysisAI

Remote code execution in Quantum Networks router QN-I-470 allows authenticated attackers to execute arbitrary OS commands as root via command injection in the management CLI interface. The vulnerability stems from inadequate input sanitization, enabling low-privileged authenticated users to escalate privileges to root level. CVSS 8.7 (Critical) reflects network-accessible exploitation with low complexity, requiring only low-privilege authentication. No active exploitation (CISA KEV) or public exploit code identified at time of analysis, but the authenticated nature and CLI access requirement limits exploitation to users with existing device credentials.

Technical ContextAI

This is a CWE-78 OS command injection vulnerability in the management Command Line Interface (CLI) of Quantum Networks router model QN-I-470 (CPE: cpe:2.3:a:quantum_networks:router_qn-i-470). The router's CLI interface fails to properly sanitize user-supplied input before passing it to underlying operating system command execution functions. When authenticated users interact with the management interface, specially crafted input containing shell metacharacters or command separators can break out of intended command contexts and execute arbitrary system commands. The vulnerability's scope is unchanged (SC:N/SI:N/SA:N in CVSS vector), meaning the attacker's commands execute within the router's existing security boundary but with elevated root privileges. The CLI management interface is typically network-accessible for remote administration, though attack vector depends on whether the management interface is exposed to untrusted networks.

RemediationAI

Contact Quantum Networks directly to obtain patched firmware for the QN-I-470 router model, as no specific fix version is published in available advisories. Monitor the CERT-In advisory CIVN-2026-0200 (https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200) and Quantum Networks security bulletins for patch availability announcements. Until patching is possible, implement compensating controls: (1) Restrict management CLI access to dedicated administrative VLANs or jump hosts, removing internet or untrusted network exposure entirely-this prevents remote exploitation but limits operational flexibility for remote administration. (2) Enforce strong authentication with complex passwords or certificate-based authentication for all CLI accounts-this raises the bar for credential compromise but does not prevent exploitation by legitimate administrators or attackers who obtain valid credentials. (3) Implement network-level access controls (firewall rules, ACLs) limiting management interface connectivity to specific administrator IP addresses-this reduces attack surface but requires maintenance as administrator networks change. (4) Enable comprehensive CLI command logging and monitor for suspicious command patterns or privilege escalation attempts-this provides detection but not prevention. (5) If operational requirements permit, disable remote CLI access entirely and require console-only administration-this eliminates remote exploitation but significantly impacts operational efficiency. Evaluate trade-offs of each mitigation against organizational risk tolerance and operational requirements.

Share

EUVD-2026-24077 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy