Router Qn I 470
Monthly
Information disclosure in Quantum Networks Router QN-I-470 version 6.1.1.B1 allows unauthenticated remote attackers to access sensitive internal data including API endpoints, scripts, and directories through exposed web management interface. Vulnerability stems from improper access control and insecure default configuration (CWE-306). CVSS 8.7 reflects network-accessible, low-complexity attack requiring no authentication or user interaction. No public exploit code identified at time of analysis, though the attack surface (exposed API endpoints) suggests straightforward exploitation. Reported by CERT-In (India national CERT), indicating potential regional targeting or discovery during incident response.
Remote code execution in Quantum Networks router QN-I-470 allows authenticated attackers to execute arbitrary OS commands as root via command injection in the management CLI interface. The vulnerability stems from inadequate input sanitization, enabling low-privileged authenticated users to escalate privileges to root level. CVSS 8.7 (Critical) reflects network-accessible exploitation with low complexity, requiring only low-privilege authentication. No active exploitation (CISA KEV) or public exploit code identified at time of analysis, but the authenticated nature and CLI access requirement limits exploitation to users with existing device credentials.
Remote code execution with root privileges in Quantum Networks router QN-I-470 version 6.1.1.B1 allows adjacent network attackers to execute arbitrary OS commands through the management CLI interface via command injection. The vulnerability requires no authentication (CVSS PR:N) and exploits inadequate input sanitization (CWE-78). Adjacent network access (AV:A) limits attack surface to local network segments. No active exploitation (CISA KEV) or public exploit code identified at time of analysis, though EPSS data unavailable to assess real-world exploitation probability.
Information disclosure in Quantum Networks Router QN-I-470 version 6.1.1.B1 allows unauthenticated remote attackers to access sensitive internal data including API endpoints, scripts, and directories through exposed web management interface. Vulnerability stems from improper access control and insecure default configuration (CWE-306). CVSS 8.7 reflects network-accessible, low-complexity attack requiring no authentication or user interaction. No public exploit code identified at time of analysis, though the attack surface (exposed API endpoints) suggests straightforward exploitation. Reported by CERT-In (India national CERT), indicating potential regional targeting or discovery during incident response.
Remote code execution in Quantum Networks router QN-I-470 allows authenticated attackers to execute arbitrary OS commands as root via command injection in the management CLI interface. The vulnerability stems from inadequate input sanitization, enabling low-privileged authenticated users to escalate privileges to root level. CVSS 8.7 (Critical) reflects network-accessible exploitation with low complexity, requiring only low-privilege authentication. No active exploitation (CISA KEV) or public exploit code identified at time of analysis, but the authenticated nature and CLI access requirement limits exploitation to users with existing device credentials.
Remote code execution with root privileges in Quantum Networks router QN-I-470 version 6.1.1.B1 allows adjacent network attackers to execute arbitrary OS commands through the management CLI interface via command injection. The vulnerability requires no authentication (CVSS PR:N) and exploits inadequate input sanitization (CWE-78). Adjacent network access (AV:A) limits attack surface to local network segments. No active exploitation (CISA KEV) or public exploit code identified at time of analysis, though EPSS data unavailable to assess real-world exploitation probability.