Qd840 Firmware
Monthly
Quantenna Wi-Fi chipsets ship with an unauthenticated telnet interface enabled by default, allowing remote attackers to gain full administrative access without credentials. This affects Quantenna Wi-Fi chipset SDK through version 8.0.0.28, and while no official patch has been released at the time of CVE publication, the vendor has provided a best practices guide for implementors. The vulnerability enables both complete confidentiality and integrity compromise of affected devices.
Command injection vulnerability in Quantenna Wi-Fi chipset control scripts (specifically the set_tx_pow utility) that allows local, unauthenticated attackers to execute arbitrary commands with elevated privileges. The vulnerability affects Quantenna Wi-Fi chipset SDK through version 8.0.0.28 and remains unpatched at the time of disclosure, though the vendor has issued a best practices guide. An attacker with local access can leverage CWE-88 (argument injection) to compromise system integrity and confidentiality.
A command injection vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.
A command injection vulnerability exists in the Quantenna Wi-Fi chipset's router_command.sh script, specifically in the sync_time argument handler, allowing unauthenticated local attackers to execute arbitrary commands with high impact on confidentiality and integrity. The vulnerability affects Quantenna Wi-Fi chipset SDK versions through 8.0.0.28 and remains unpatched as of the CVE publication date, though the vendor has released implementation best practices rather than a direct patch. The CVSS 7.7 score reflects the local attack vector but high-impact consequences; exploitation requires local access but no privileges or user interaction.
Command injection vulnerability in Quantenna Wi-Fi chipset control scripts (router_command.sh) that allows local, unauthenticated attackers to execute arbitrary commands with high impact to confidentiality and integrity. The vulnerability affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the SDK and remains unpatched at disclosure, though the vendor has issued a best practices guide rather than a direct security patch. With a CVSS score of 7.7 and local attack vector requirements, this represents a significant risk to deployed routers and wireless access points using this chipset.
A command injection vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.
A command injection vulnerability exists in the Quantenna Wi-Fi chipset's router_command.sh script affecting versions through 8.0.0.28 of the SDK. The flaw allows unauthenticated local attackers to inject arbitrary commands via improper argument handling in the put_file_to_qtn parameter, potentially leading to confidentiality and integrity compromise. No official patch is available as of the CVE publication date, though the vendor has released mitigation guidance; this vulnerability is not currently tracked as actively exploited in CISA's Known Exploited Vulnerabilities catalog.
A command injection vulnerability exists in the Quantenna Wi-Fi chipset's router_command.sh local control script, allowing unauthenticated local attackers to execute arbitrary commands with high impact on confidentiality and integrity. The vulnerability affects Quantenna Wi-Fi chipset versions through 8.0.0.28 of the latest SDK and remains unpatched as of the CVE publication date, though the vendor has provided best practices guidance rather than a direct patch. With a CVSS score of 7.7 and local attack vector requirements, this poses significant risk to routers and access points using affected Quantenna chipsets, particularly in multi-user or compromised-local-network scenarios.
Quantenna Wi-Fi chipsets ship with an unauthenticated telnet interface enabled by default, allowing remote attackers to gain full administrative access without credentials. This affects Quantenna Wi-Fi chipset SDK through version 8.0.0.28, and while no official patch has been released at the time of CVE publication, the vendor has provided a best practices guide for implementors. The vulnerability enables both complete confidentiality and integrity compromise of affected devices.
Command injection vulnerability in Quantenna Wi-Fi chipset control scripts (specifically the set_tx_pow utility) that allows local, unauthenticated attackers to execute arbitrary commands with elevated privileges. The vulnerability affects Quantenna Wi-Fi chipset SDK through version 8.0.0.28 and remains unpatched at the time of disclosure, though the vendor has issued a best practices guide. An attacker with local access can leverage CWE-88 (argument injection) to compromise system integrity and confidentiality.
A command injection vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.
A command injection vulnerability exists in the Quantenna Wi-Fi chipset's router_command.sh script, specifically in the sync_time argument handler, allowing unauthenticated local attackers to execute arbitrary commands with high impact on confidentiality and integrity. The vulnerability affects Quantenna Wi-Fi chipset SDK versions through 8.0.0.28 and remains unpatched as of the CVE publication date, though the vendor has released implementation best practices rather than a direct patch. The CVSS 7.7 score reflects the local attack vector but high-impact consequences; exploitation requires local access but no privileges or user interaction.
Command injection vulnerability in Quantenna Wi-Fi chipset control scripts (router_command.sh) that allows local, unauthenticated attackers to execute arbitrary commands with high impact to confidentiality and integrity. The vulnerability affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the SDK and remains unpatched at disclosure, though the vendor has issued a best practices guide rather than a direct security patch. With a CVSS score of 7.7 and local attack vector requirements, this represents a significant risk to deployed routers and wireless access points using this chipset.
A command injection vulnerability (CVSS 7.7). High severity vulnerability requiring prompt remediation.
A command injection vulnerability exists in the Quantenna Wi-Fi chipset's router_command.sh script affecting versions through 8.0.0.28 of the SDK. The flaw allows unauthenticated local attackers to inject arbitrary commands via improper argument handling in the put_file_to_qtn parameter, potentially leading to confidentiality and integrity compromise. No official patch is available as of the CVE publication date, though the vendor has released mitigation guidance; this vulnerability is not currently tracked as actively exploited in CISA's Known Exploited Vulnerabilities catalog.
A command injection vulnerability exists in the Quantenna Wi-Fi chipset's router_command.sh local control script, allowing unauthenticated local attackers to execute arbitrary commands with high impact on confidentiality and integrity. The vulnerability affects Quantenna Wi-Fi chipset versions through 8.0.0.28 of the latest SDK and remains unpatched as of the CVE publication date, though the vendor has provided best practices guidance rather than a direct patch. With a CVSS score of 7.7 and local attack vector requirements, this poses significant risk to routers and access points using affected Quantenna chipsets, particularly in multi-user or compromised-local-network scenarios.