cbcvebase.

On Semiconductor Quantenna Wi-Fi Chipset vulnerabilities

8 known vulnerabilities affecting on_semiconductor/quantenna_wi-fi_chipset.

Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH7

Vulnerabilities

Page 1 of 1
CVE-2025-3461P2CRITICALCVSS 9.8≤ 8.0.0.282025-06-08
CVE-2025-3461 [CRITICAL] CWE-306 CVE-2025-3461: The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an insta The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unp
nvd
CVE-2025-3460P3HIGHCVSS 7.8≤ 8.0.0.282025-06-08
CVE-2025-3460 [HIGH] CWE-88 CVE-2025-3460: The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to com The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset t
nvd
CVE-2025-32457P3HIGHCVSS 7.8≤ 8.0.0.282025-06-08
CVE-2025-32457 [HIGH] CWE-88 CVE-2025-32457: The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_fr The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
nvd
CVE-2025-32458P3HIGHCVSS 7.8≤ 8.0.0.282025-06-08
CVE-2025-32458 [HIGH] CWE-88 CVE-2025-32458: The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_ The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd
CVE-2025-32456P3HIGHCVSS 7.8≤ 8.0.0.282025-06-08
CVE-2025-32456 [HIGH] CWE-88 CVE-2025-32456: The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). T
nvd
CVE-2025-32455P3HIGHCVSS 7.8≤ 8.0.0.282025-06-08
CVE-2025-32455 [HIGH] CWE-88 CVE-2025-32455: The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd arg The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This iss
nvd
CVE-2025-32459P3HIGHCVSS 7.8≤ 8.0.0.282025-06-08
CVE-2025-32459 [HIGH] CWE-88 CVE-2025-32459: The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time a The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This i
nvd
CVE-2025-3459P3HIGHCVSS 7.8≤ 8.0.0.282025-06-08
CVE-2025-3459 [HIGH] CWE-88 CVE-2025-3459: The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset
nvd
On Semiconductor Quantenna Wi-Fi Chipset vulnerabilities | cvebase