Search criteria
24 vulnerabilities found for qd840_firmware by onsemi
FKIE_CVE-2025-3461
Vulnerability from fkie_nvd - Published: 2025-06-08 21:15 - Updated: 2026-01-13 20:01
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
References
| URL | Tags | ||
|---|---|---|---|
| cve@takeonme.org | https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices | Release Notes | |
| cve@takeonme.org | https://takeonme.org/cves/cve-2025-3461/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| onsemi | qhs710_firmware | - | |
| onsemi | qhs710 | - | |
| onsemi | qsr10ga_firmware | - | |
| onsemi | qsr10ga | - | |
| onsemi | qsr10gu_firmware | - | |
| onsemi | qsr10gu | - | |
| onsemi | qv840_firmware | - | |
| onsemi | qv840 | - | |
| onsemi | qv840c_firmware | - | |
| onsemi | qv840c | - | |
| onsemi | qv860_firmware | - | |
| onsemi | qv860 | - | |
| onsemi | qv940_firmware | - | |
| onsemi | qv940 | - | |
| onsemi | qv942c_firmware | - | |
| onsemi | qv942c | - | |
| onsemi | qv952c_firmware | - | |
| onsemi | qv952c | - | |
| onsemi | qcs-ax2-s5_firmware | - | |
| onsemi | qcs-ax2-s5 | - | |
| onsemi | qcs-ax3-a12_firmware | - | |
| onsemi | qcs-ax3-a12 | - | |
| onsemi | qcs-ax3-t12_firmware | - | |
| onsemi | qcs-ax3-t12 | - | |
| onsemi | qcs-ax3-t8_firmware | - | |
| onsemi | qcs-ax3-t8 | - | |
| onsemi | qcs-ax3-s5_firmware | - | |
| onsemi | qcs-ax3-s5 | - | |
| onsemi | qcs-ax2-a12_firmware | - | |
| onsemi | qcs-ax2-a12 | - | |
| onsemi | qcs-ax2-t12_firmware | - | |
| onsemi | qcs-ax2-t12 | - | |
| onsemi | qcs-ax2-t8_firmware | - | |
| onsemi | qcs-ax2-t8 | - | |
| onsemi | qd840_firmware | - | |
| onsemi | qd840 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qhs710_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC1EF23D-0818-45EC-994D-724386942A71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qhs710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B69BD90A-2A66-4BFB-A0C4-D3ADB8411041",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qsr10ga_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F592DA6-9495-4E3C-A79B-A28DD6874520",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qsr10ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99041EF1-ED9D-4353-8E01-0B8CB22DA2C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qsr10gu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AD4080-696E-4C46-B783-9004FA2C45AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qsr10gu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C87E0F74-9B42-443F-8C3B-8FC9D4BFD510",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv840_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BE706-C865-49B1-8362-582F5EBD1ABC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3E4D33-5A1B-4433-91BB-250B3F450E91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv840c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDEF7C9-D357-49F9-9EAF-09A1EA553308",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv840c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C408E3F-1E76-4C8B-B7B1-66AE354E8F50",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv860_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72DECB62-7BBE-4D28-BEDA-49B7B1B0EEEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "188A2714-610D-478D-AC78-6B1ECB630262",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv940_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B67844F-5D25-480E-A4E7-D1B479B29F18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv940:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E753ABE-FB01-44AB-A3B4-11CE6324F695",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv942c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBE3DDB-C027-4E42-931F-37049B9342FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv942c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "844142EA-A9D6-43D0-AAAB-60F278B548E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv952c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6DE9F57-D6A3-4754-B8B5-1778AE4744E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv952c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD87FBC-0311-41E1-84FA-943B61DA24CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-s5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94644163-15D7-4008-926F-60D2FC9E5C26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-s5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3A35F1-8882-4712-9373-0D557F782C21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-a12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9BA025-1514-444D-A0EC-5E672C5D0D93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-a12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "602A5E47-972E-4F89-893B-57526C047F4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-t12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95A768A1-E025-4D32-81C6-55AE8F099B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-t12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "290A68E7-3CFC-4517-8FB7-5F372A2B569A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-t8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5849D0A2-BE17-46EC-979C-A36B88C1DDC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-t8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4221C204-94FD-4951-87FB-F5EAD0E1D315",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-s5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C5D4D8E-A41C-4D0C-9578-E69DC5DDB3D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-s5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB0AC0AF-7C11-4905-B211-111212998385",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-a12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D414E9E4-6F93-4EA8-84DC-905922FDBD06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-a12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79562B8A-BB90-4177-BAB3-1416068267EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-t12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE696B7A-5577-4FCB-A03F-E0DC559D59DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-t12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53245E1E-E042-4E5E-AC29-ADD8E2A50B10",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-t8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEE75DF-ED15-4668-A3A8-045F1FC49146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-t8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1B80A5-C5E1-4E27-A29F-AAE8E0CCB5D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qd840_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "201FE93B-24B3-4A7C-B70D-DC5BEDAA3ABE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qd840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AED31B5-45B4-4B29-AFF6-30EA105E614C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, \"Missing Authentication for Critical Function,\" and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
},
{
"lang": "es",
"value": "Los Chips Wi-Fi Quantenna se entregan con una interfaz Telnet no autenticada por defecto. Se trata de una instancia de CWE-306, \"Falta de autenticaci\u00f3n para funci\u00f3n cr\u00edtica\", y se estima que es un CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Este problema afecta al chipset Wi-Fi Quantenna hasta la versi\u00f3n 8.0.0.28 del SDK m\u00e1s reciente y, al parecer, no se hab\u00eda corregido al momento de la publicaci\u00f3n inicial de este registro CVE, aunque el proveedor ha publicado una gu\u00eda de pr\u00e1cticas recomendadas para los implementadores de este chipset."
}
],
"id": "CVE-2025-3461",
"lastModified": "2026-01-13T20:01:27.457",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "cve@takeonme.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-08T21:15:33.030",
"references": [
{
"source": "cve@takeonme.org",
"tags": [
"Release Notes"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
},
{
"source": "cve@takeonme.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://takeonme.org/cves/cve-2025-3461/"
}
],
"sourceIdentifier": "cve@takeonme.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "cve@takeonme.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-3459
Vulnerability from fkie_nvd - Published: 2025-06-08 21:15 - Updated: 2026-01-21 15:58
Severity ?
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| onsemi | qcs-ax3-s5_firmware | - | |
| onsemi | qcs-ax3-s5 | - | |
| onsemi | qcs-ax2-a12_firmware | - | |
| onsemi | qcs-ax2-a12 | - | |
| onsemi | qcs-ax2-t12_firmware | - | |
| onsemi | qcs-ax2-t12 | - | |
| onsemi | qcs-ax2-t8_firmware | - | |
| onsemi | qcs-ax2-t8 | - | |
| onsemi | qd840_firmware | - | |
| onsemi | qd840 | - | |
| onsemi | qhs710_firmware | - | |
| onsemi | qhs710 | - | |
| onsemi | qsr10ga_firmware | - | |
| onsemi | qsr10ga | - | |
| onsemi | qsr10gu_firmware | - | |
| onsemi | qsr10gu | - | |
| onsemi | qv840_firmware | - | |
| onsemi | qv840 | - | |
| onsemi | qv840c_firmware | - | |
| onsemi | qv840c | - | |
| onsemi | qv860_firmware | - | |
| onsemi | qv860 | - | |
| onsemi | qv940_firmware | - | |
| onsemi | qv940 | - | |
| onsemi | qv942c_firmware | - | |
| onsemi | qv942c | - | |
| onsemi | qv952c_firmware | - | |
| onsemi | qv952c | - | |
| onsemi | qcs-ax2-s5_firmware | - | |
| onsemi | qcs-ax2-s5 | - | |
| onsemi | qcs-ax3-a12_firmware | - | |
| onsemi | qcs-ax3-a12 | - | |
| onsemi | qcs-ax3-t12_firmware | - | |
| onsemi | qcs-ax3-t12 | - | |
| onsemi | qcs-ax3-t8_firmware | - | |
| onsemi | qcs-ax3-t8 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-s5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C5D4D8E-A41C-4D0C-9578-E69DC5DDB3D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-s5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB0AC0AF-7C11-4905-B211-111212998385",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-a12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D414E9E4-6F93-4EA8-84DC-905922FDBD06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-a12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79562B8A-BB90-4177-BAB3-1416068267EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-t12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE696B7A-5577-4FCB-A03F-E0DC559D59DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-t12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53245E1E-E042-4E5E-AC29-ADD8E2A50B10",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-t8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEE75DF-ED15-4668-A3A8-045F1FC49146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-t8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1B80A5-C5E1-4E27-A29F-AAE8E0CCB5D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qd840_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "201FE93B-24B3-4A7C-B70D-DC5BEDAA3ABE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qd840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AED31B5-45B4-4B29-AFF6-30EA105E614C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qhs710_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC1EF23D-0818-45EC-994D-724386942A71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qhs710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B69BD90A-2A66-4BFB-A0C4-D3ADB8411041",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qsr10ga_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F592DA6-9495-4E3C-A79B-A28DD6874520",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qsr10ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99041EF1-ED9D-4353-8E01-0B8CB22DA2C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qsr10gu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AD4080-696E-4C46-B783-9004FA2C45AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qsr10gu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C87E0F74-9B42-443F-8C3B-8FC9D4BFD510",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv840_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BE706-C865-49B1-8362-582F5EBD1ABC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3E4D33-5A1B-4433-91BB-250B3F450E91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv840c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDEF7C9-D357-49F9-9EAF-09A1EA553308",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv840c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C408E3F-1E76-4C8B-B7B1-66AE354E8F50",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv860_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72DECB62-7BBE-4D28-BEDA-49B7B1B0EEEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "188A2714-610D-478D-AC78-6B1ECB630262",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv940_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B67844F-5D25-480E-A4E7-D1B479B29F18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv940:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E753ABE-FB01-44AB-A3B4-11CE6324F695",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv942c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBE3DDB-C027-4E42-931F-37049B9342FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv942c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "844142EA-A9D6-43D0-AAAB-60F278B548E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv952c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6DE9F57-D6A3-4754-B8B5-1778AE4744E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv952c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD87FBC-0311-41E1-84FA-943B61DA24CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-s5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94644163-15D7-4008-926F-60D2FC9E5C26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-s5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3A35F1-8882-4712-9373-0D557F782C21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-a12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9BA025-1514-444D-A0EC-5E672C5D0D93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-a12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "602A5E47-972E-4F89-893B-57526C047F4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-t12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95A768A1-E025-4D32-81C6-55AE8F099B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-t12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "290A68E7-3CFC-4517-8FB7-5F372A2B569A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-t8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5849D0A2-BE17-46EC-979C-A36B88C1DDC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-t8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4221C204-94FD-4951-87FB-F5EAD0E1D315",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
},
{
"lang": "es",
"value": "El Chipset Quantenna Wi-Fi se entrega con un script de control local, transmit_file, vulnerable a la inyecci\u00f3n de comandos. Se trata de una instancia de CWE-88, \"Neutralizaci\u00f3n incorrecta de delimitadores de argumentos en un comando (\u0027Inyecci\u00f3n de argumentos\u0027)\", y se estima que es CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Este problema afecta al chipset Quantenna Wi-Fi hasta la versi\u00f3n 8.0.0.28 del SDK m\u00e1s reciente y, al parecer, no se hab\u00eda corregido al momento de la publicaci\u00f3n inicial de este registro CVE, aunque el proveedor ha publicado una gu\u00eda de pr\u00e1cticas recomendadas para los implementadores de este chipset."
}
],
"id": "CVE-2025-3459",
"lastModified": "2026-01-21T15:58:56.687",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2,
"source": "cve@takeonme.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-08T21:15:32.770",
"references": [
{
"source": "cve@takeonme.org",
"tags": [
"Release Notes"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
},
{
"source": "cve@takeonme.org",
"tags": [
"Not Applicable"
],
"url": "https://takeonme.org/cves/cve-2025-3459"
}
],
"sourceIdentifier": "cve@takeonme.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "cve@takeonme.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-3460
Vulnerability from fkie_nvd - Published: 2025-06-08 21:15 - Updated: 2026-01-21 16:02
Severity ?
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
References
| URL | Tags | ||
|---|---|---|---|
| cve@takeonme.org | https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices | Release Notes | |
| cve@takeonme.org | https://takeonme.org/cves/cve-2025-3460 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| onsemi | qcs-ax3-s5_firmware | - | |
| onsemi | qcs-ax3-s5 | - | |
| onsemi | qcs-ax2-a12_firmware | - | |
| onsemi | qcs-ax2-a12 | - | |
| onsemi | qcs-ax2-t12_firmware | - | |
| onsemi | qcs-ax2-t12 | - | |
| onsemi | qcs-ax2-t8_firmware | - | |
| onsemi | qcs-ax2-t8 | - | |
| onsemi | qd840_firmware | - | |
| onsemi | qd840 | - | |
| onsemi | qhs710_firmware | - | |
| onsemi | qhs710 | - | |
| onsemi | qsr10ga_firmware | - | |
| onsemi | qsr10ga | - | |
| onsemi | qsr10gu_firmware | - | |
| onsemi | qsr10gu | - | |
| onsemi | qv840_firmware | - | |
| onsemi | qv840 | - | |
| onsemi | qv840c_firmware | - | |
| onsemi | qv840c | - | |
| onsemi | qv860_firmware | - | |
| onsemi | qv860 | - | |
| onsemi | qv940_firmware | - | |
| onsemi | qv940 | - | |
| onsemi | qv942c_firmware | - | |
| onsemi | qv942c | - | |
| onsemi | qv952c_firmware | - | |
| onsemi | qv952c | - | |
| onsemi | qcs-ax2-s5_firmware | - | |
| onsemi | qcs-ax2-s5 | - | |
| onsemi | qcs-ax3-a12_firmware | - | |
| onsemi | qcs-ax3-a12 | - | |
| onsemi | qcs-ax3-t12_firmware | - | |
| onsemi | qcs-ax3-t12 | - | |
| onsemi | qcs-ax3-t8_firmware | - | |
| onsemi | qcs-ax3-t8 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-s5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C5D4D8E-A41C-4D0C-9578-E69DC5DDB3D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-s5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB0AC0AF-7C11-4905-B211-111212998385",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-a12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D414E9E4-6F93-4EA8-84DC-905922FDBD06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-a12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79562B8A-BB90-4177-BAB3-1416068267EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-t12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE696B7A-5577-4FCB-A03F-E0DC559D59DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-t12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53245E1E-E042-4E5E-AC29-ADD8E2A50B10",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-t8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEE75DF-ED15-4668-A3A8-045F1FC49146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-t8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1B80A5-C5E1-4E27-A29F-AAE8E0CCB5D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qd840_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "201FE93B-24B3-4A7C-B70D-DC5BEDAA3ABE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qd840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AED31B5-45B4-4B29-AFF6-30EA105E614C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qhs710_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC1EF23D-0818-45EC-994D-724386942A71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qhs710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B69BD90A-2A66-4BFB-A0C4-D3ADB8411041",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qsr10ga_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F592DA6-9495-4E3C-A79B-A28DD6874520",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qsr10ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99041EF1-ED9D-4353-8E01-0B8CB22DA2C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qsr10gu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AD4080-696E-4C46-B783-9004FA2C45AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qsr10gu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C87E0F74-9B42-443F-8C3B-8FC9D4BFD510",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv840_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BE706-C865-49B1-8362-582F5EBD1ABC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3E4D33-5A1B-4433-91BB-250B3F450E91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv840c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDEF7C9-D357-49F9-9EAF-09A1EA553308",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv840c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C408E3F-1E76-4C8B-B7B1-66AE354E8F50",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv860_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72DECB62-7BBE-4D28-BEDA-49B7B1B0EEEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "188A2714-610D-478D-AC78-6B1ECB630262",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv940_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B67844F-5D25-480E-A4E7-D1B479B29F18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv940:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E753ABE-FB01-44AB-A3B4-11CE6324F695",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv942c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBE3DDB-C027-4E42-931F-37049B9342FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv942c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "844142EA-A9D6-43D0-AAAB-60F278B548E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv952c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6DE9F57-D6A3-4754-B8B5-1778AE4744E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv952c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD87FBC-0311-41E1-84FA-943B61DA24CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-s5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94644163-15D7-4008-926F-60D2FC9E5C26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-s5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3A35F1-8882-4712-9373-0D557F782C21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-a12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9BA025-1514-444D-A0EC-5E672C5D0D93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-a12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "602A5E47-972E-4F89-893B-57526C047F4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-t12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95A768A1-E025-4D32-81C6-55AE8F099B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-t12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "290A68E7-3CFC-4517-8FB7-5F372A2B569A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-t8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5849D0A2-BE17-46EC-979C-A36B88C1DDC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-t8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4221C204-94FD-4951-87FB-F5EAD0E1D315",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7\u00a0(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
},
{
"lang": "es",
"value": "El Chipset Wi-Fi Quantenna se entrega con un script de control local, set_tx_pow, vulnerable a la inyecci\u00f3n de comandos. Se trata de una instancia de CWE-88, \"Neutralizaci\u00f3n incorrecta de delimitadores de argumentos en un comando (\u0027Inyecci\u00f3n de argumentos\u0027)\", y se estima como CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Este problema afecta al chipset Quantenna Wi-Fi hasta la versi\u00f3n 8.0.0.28 del \u00faltimo SDK, y parece no tener parche en el momento de la primera publicaci\u00f3n de este registro CVE, aunque el proveedor ha publicado una gu\u00eda de mejores pr\u00e1cticas para los implementadores de este chipset."
}
],
"id": "CVE-2025-3460",
"lastModified": "2026-01-21T16:02:39.167",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2,
"source": "cve@takeonme.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-08T21:15:32.900",
"references": [
{
"source": "cve@takeonme.org",
"tags": [
"Release Notes"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
},
{
"source": "cve@takeonme.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://takeonme.org/cves/cve-2025-3460"
}
],
"sourceIdentifier": "cve@takeonme.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "cve@takeonme.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-32456
Vulnerability from fkie_nvd - Published: 2025-06-08 21:15 - Updated: 2026-01-13 20:20
Severity ?
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| onsemi | qcs-ax3-s5_firmware | - | |
| onsemi | qcs-ax3-s5 | - | |
| onsemi | qcs-ax2-a12_firmware | - | |
| onsemi | qcs-ax2-a12 | - | |
| onsemi | qcs-ax2-t12_firmware | - | |
| onsemi | qcs-ax2-t12 | - | |
| onsemi | qcs-ax2-t8_firmware | - | |
| onsemi | qcs-ax2-t8 | - | |
| onsemi | qd840_firmware | - | |
| onsemi | qd840 | - | |
| onsemi | qhs710_firmware | - | |
| onsemi | qhs710 | - | |
| onsemi | qsr10ga_firmware | - | |
| onsemi | qsr10ga | - | |
| onsemi | qsr10gu_firmware | - | |
| onsemi | qsr10gu | - | |
| onsemi | qv840_firmware | - | |
| onsemi | qv840 | - | |
| onsemi | qv840c_firmware | - | |
| onsemi | qv840c | - | |
| onsemi | qv860_firmware | - | |
| onsemi | qv860 | - | |
| onsemi | qv940_firmware | - | |
| onsemi | qv940 | - | |
| onsemi | qv942c_firmware | - | |
| onsemi | qv942c | - | |
| onsemi | qv952c_firmware | - | |
| onsemi | qv952c | - | |
| onsemi | qcs-ax2-s5_firmware | - | |
| onsemi | qcs-ax2-s5 | - | |
| onsemi | qcs-ax3-a12_firmware | - | |
| onsemi | qcs-ax3-a12 | - | |
| onsemi | qcs-ax3-t12_firmware | - | |
| onsemi | qcs-ax3-t12 | - | |
| onsemi | qcs-ax3-t8_firmware | - | |
| onsemi | qcs-ax3-t8 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-s5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C5D4D8E-A41C-4D0C-9578-E69DC5DDB3D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-s5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB0AC0AF-7C11-4905-B211-111212998385",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-a12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D414E9E4-6F93-4EA8-84DC-905922FDBD06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-a12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79562B8A-BB90-4177-BAB3-1416068267EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-t12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE696B7A-5577-4FCB-A03F-E0DC559D59DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-t12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53245E1E-E042-4E5E-AC29-ADD8E2A50B10",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-t8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEE75DF-ED15-4668-A3A8-045F1FC49146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-t8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1B80A5-C5E1-4E27-A29F-AAE8E0CCB5D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qd840_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "201FE93B-24B3-4A7C-B70D-DC5BEDAA3ABE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qd840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AED31B5-45B4-4B29-AFF6-30EA105E614C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qhs710_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC1EF23D-0818-45EC-994D-724386942A71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qhs710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B69BD90A-2A66-4BFB-A0C4-D3ADB8411041",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qsr10ga_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F592DA6-9495-4E3C-A79B-A28DD6874520",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qsr10ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99041EF1-ED9D-4353-8E01-0B8CB22DA2C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qsr10gu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AD4080-696E-4C46-B783-9004FA2C45AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qsr10gu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C87E0F74-9B42-443F-8C3B-8FC9D4BFD510",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv840_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BE706-C865-49B1-8362-582F5EBD1ABC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3E4D33-5A1B-4433-91BB-250B3F450E91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv840c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDEF7C9-D357-49F9-9EAF-09A1EA553308",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv840c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C408E3F-1E76-4C8B-B7B1-66AE354E8F50",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv860_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72DECB62-7BBE-4D28-BEDA-49B7B1B0EEEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "188A2714-610D-478D-AC78-6B1ECB630262",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv940_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B67844F-5D25-480E-A4E7-D1B479B29F18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv940:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E753ABE-FB01-44AB-A3B4-11CE6324F695",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv942c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBE3DDB-C027-4E42-931F-37049B9342FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv942c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "844142EA-A9D6-43D0-AAAB-60F278B548E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv952c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6DE9F57-D6A3-4754-B8B5-1778AE4744E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv952c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD87FBC-0311-41E1-84FA-943B61DA24CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-s5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94644163-15D7-4008-926F-60D2FC9E5C26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-s5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3A35F1-8882-4712-9373-0D557F782C21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-a12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9BA025-1514-444D-A0EC-5E672C5D0D93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-a12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "602A5E47-972E-4F89-893B-57526C047F4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-t12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95A768A1-E025-4D32-81C6-55AE8F099B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-t12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "290A68E7-3CFC-4517-8FB7-5F372A2B569A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-t8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5849D0A2-BE17-46EC-979C-A36B88C1DDC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-t8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4221C204-94FD-4951-87FB-F5EAD0E1D315",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7\u00a0(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
},
{
"lang": "es",
"value": "El Chipset Wi-Fi Quantenna se entrega con un script de control local, router_command.sh (en el argumento put_file_to_qtn), vulnerable a la inyecci\u00f3n de comandos. Se trata de una instancia de CWE-88, \"Neutralizaci\u00f3n incorrecta de delimitadores de argumentos en un comando (\u0027Inyecci\u00f3n de argumentos\u0027)\", y se estima como CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Este problema afecta al chipset Quantenna Wi-Fi hasta la versi\u00f3n 8.0.0.28 del \u00faltimo SDK, y parece no tener parche en el momento de la primera publicaci\u00f3n de este registro CVE, aunque el proveedor ha publicado una gu\u00eda de mejores pr\u00e1cticas para los implementadores de este chipset."
}
],
"id": "CVE-2025-32456",
"lastModified": "2026-01-13T20:20:46.173",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2,
"source": "cve@takeonme.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-08T21:15:31.267",
"references": [
{
"source": "cve@takeonme.org",
"tags": [
"Release Notes"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
},
{
"source": "cve@takeonme.org",
"tags": [
"Not Applicable"
],
"url": "https://takeonme.org/cves/cve-2025-3460"
}
],
"sourceIdentifier": "cve@takeonme.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "cve@takeonme.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-32457
Vulnerability from fkie_nvd - Published: 2025-06-08 21:15 - Updated: 2026-01-13 20:25
Severity ?
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| onsemi | qcs-ax3-s5_firmware | - | |
| onsemi | qcs-ax3-s5 | - | |
| onsemi | qcs-ax2-a12_firmware | - | |
| onsemi | qcs-ax2-a12 | - | |
| onsemi | qcs-ax2-t12_firmware | - | |
| onsemi | qcs-ax2-t12 | - | |
| onsemi | qcs-ax2-t8_firmware | - | |
| onsemi | qcs-ax2-t8 | - | |
| onsemi | qd840_firmware | - | |
| onsemi | qd840 | - | |
| onsemi | qhs710_firmware | - | |
| onsemi | qhs710 | - | |
| onsemi | qsr10ga_firmware | - | |
| onsemi | qsr10ga | - | |
| onsemi | qsr10gu_firmware | - | |
| onsemi | qsr10gu | - | |
| onsemi | qv840_firmware | - | |
| onsemi | qv840 | - | |
| onsemi | qv840c_firmware | - | |
| onsemi | qv840c | - | |
| onsemi | qv860_firmware | - | |
| onsemi | qv860 | - | |
| onsemi | qv940_firmware | - | |
| onsemi | qv940 | - | |
| onsemi | qv942c_firmware | - | |
| onsemi | qv942c | - | |
| onsemi | qv952c_firmware | - | |
| onsemi | qv952c | - | |
| onsemi | qcs-ax2-s5_firmware | - | |
| onsemi | qcs-ax2-s5 | - | |
| onsemi | qcs-ax3-a12_firmware | - | |
| onsemi | qcs-ax3-a12 | - | |
| onsemi | qcs-ax3-t12_firmware | - | |
| onsemi | qcs-ax3-t12 | - | |
| onsemi | qcs-ax3-t8_firmware | - | |
| onsemi | qcs-ax3-t8 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-s5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C5D4D8E-A41C-4D0C-9578-E69DC5DDB3D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-s5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB0AC0AF-7C11-4905-B211-111212998385",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-a12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D414E9E4-6F93-4EA8-84DC-905922FDBD06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-a12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79562B8A-BB90-4177-BAB3-1416068267EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-t12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE696B7A-5577-4FCB-A03F-E0DC559D59DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-t12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53245E1E-E042-4E5E-AC29-ADD8E2A50B10",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-t8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEE75DF-ED15-4668-A3A8-045F1FC49146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-t8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1B80A5-C5E1-4E27-A29F-AAE8E0CCB5D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qd840_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "201FE93B-24B3-4A7C-B70D-DC5BEDAA3ABE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qd840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AED31B5-45B4-4B29-AFF6-30EA105E614C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qhs710_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC1EF23D-0818-45EC-994D-724386942A71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qhs710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B69BD90A-2A66-4BFB-A0C4-D3ADB8411041",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qsr10ga_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F592DA6-9495-4E3C-A79B-A28DD6874520",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qsr10ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99041EF1-ED9D-4353-8E01-0B8CB22DA2C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qsr10gu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AD4080-696E-4C46-B783-9004FA2C45AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qsr10gu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C87E0F74-9B42-443F-8C3B-8FC9D4BFD510",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv840_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BE706-C865-49B1-8362-582F5EBD1ABC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3E4D33-5A1B-4433-91BB-250B3F450E91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv840c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDEF7C9-D357-49F9-9EAF-09A1EA553308",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv840c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C408E3F-1E76-4C8B-B7B1-66AE354E8F50",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv860_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72DECB62-7BBE-4D28-BEDA-49B7B1B0EEEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "188A2714-610D-478D-AC78-6B1ECB630262",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv940_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B67844F-5D25-480E-A4E7-D1B479B29F18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv940:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E753ABE-FB01-44AB-A3B4-11CE6324F695",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv942c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBE3DDB-C027-4E42-931F-37049B9342FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv942c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "844142EA-A9D6-43D0-AAAB-60F278B548E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv952c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6DE9F57-D6A3-4754-B8B5-1778AE4744E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv952c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD87FBC-0311-41E1-84FA-943B61DA24CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-s5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94644163-15D7-4008-926F-60D2FC9E5C26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-s5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3A35F1-8882-4712-9373-0D557F782C21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-a12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9BA025-1514-444D-A0EC-5E672C5D0D93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-a12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "602A5E47-972E-4F89-893B-57526C047F4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-t12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95A768A1-E025-4D32-81C6-55AE8F099B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-t12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "290A68E7-3CFC-4517-8FB7-5F372A2B569A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-t8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5849D0A2-BE17-46EC-979C-A36B88C1DDC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-t8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4221C204-94FD-4951-87FB-F5EAD0E1D315",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7\u00a0(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
},
{
"lang": "es",
"value": "El Chipset Wi-Fi Quantenna se entrega con un script de control local, router_command.sh (en el argumento get_file_from_qtn), vulnerable a la inyecci\u00f3n de comandos. Se trata de una instancia de CWE-88, \"Neutralizaci\u00f3n incorrecta de delimitadores de argumentos en un comando (\u0027Inyecci\u00f3n de argumentos\u0027)\", y se estima como CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Este problema afecta al chipset Quantenna Wi-Fi hasta la versi\u00f3n 8.0.0.28 del \u00faltimo SDK, y parece no tener parche en el momento de la primera publicaci\u00f3n de este registro CVE, aunque el proveedor ha publicado una gu\u00eda de mejores pr\u00e1cticas para los implementadores de este chipset."
}
],
"id": "CVE-2025-32457",
"lastModified": "2026-01-13T20:25:19.797",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2,
"source": "cve@takeonme.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-08T21:15:31.403",
"references": [
{
"source": "cve@takeonme.org",
"tags": [
"Release Notes"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
},
{
"source": "cve@takeonme.org",
"tags": [
"Not Applicable"
],
"url": "https://takeonme.org/cves/cve-2025-3460"
}
],
"sourceIdentifier": "cve@takeonme.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "cve@takeonme.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-32459
Vulnerability from fkie_nvd - Published: 2025-06-08 21:15 - Updated: 2026-01-21 15:51
Severity ?
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| onsemi | qcs-ax3-s5_firmware | - | |
| onsemi | qcs-ax3-s5 | - | |
| onsemi | qcs-ax2-a12_firmware | - | |
| onsemi | qcs-ax2-a12 | - | |
| onsemi | qcs-ax2-t12_firmware | - | |
| onsemi | qcs-ax2-t12 | - | |
| onsemi | qcs-ax2-t8_firmware | - | |
| onsemi | qcs-ax2-t8 | - | |
| onsemi | qd840_firmware | - | |
| onsemi | qd840 | - | |
| onsemi | qhs710_firmware | - | |
| onsemi | qhs710 | - | |
| onsemi | qsr10ga_firmware | - | |
| onsemi | qsr10ga | - | |
| onsemi | qsr10gu_firmware | - | |
| onsemi | qsr10gu | - | |
| onsemi | qv840_firmware | - | |
| onsemi | qv840 | - | |
| onsemi | qv840c_firmware | - | |
| onsemi | qv840c | - | |
| onsemi | qv860_firmware | - | |
| onsemi | qv860 | - | |
| onsemi | qv940_firmware | - | |
| onsemi | qv940 | - | |
| onsemi | qv942c_firmware | - | |
| onsemi | qv942c | - | |
| onsemi | qv952c_firmware | - | |
| onsemi | qv952c | - | |
| onsemi | qcs-ax2-s5_firmware | - | |
| onsemi | qcs-ax2-s5 | - | |
| onsemi | qcs-ax3-a12_firmware | - | |
| onsemi | qcs-ax3-a12 | - | |
| onsemi | qcs-ax3-t12_firmware | - | |
| onsemi | qcs-ax3-t12 | - | |
| onsemi | qcs-ax3-t8_firmware | - | |
| onsemi | qcs-ax3-t8 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-s5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C5D4D8E-A41C-4D0C-9578-E69DC5DDB3D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-s5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB0AC0AF-7C11-4905-B211-111212998385",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-a12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D414E9E4-6F93-4EA8-84DC-905922FDBD06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-a12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79562B8A-BB90-4177-BAB3-1416068267EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-t12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE696B7A-5577-4FCB-A03F-E0DC559D59DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-t12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53245E1E-E042-4E5E-AC29-ADD8E2A50B10",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-t8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEE75DF-ED15-4668-A3A8-045F1FC49146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-t8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1B80A5-C5E1-4E27-A29F-AAE8E0CCB5D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qd840_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "201FE93B-24B3-4A7C-B70D-DC5BEDAA3ABE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qd840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AED31B5-45B4-4B29-AFF6-30EA105E614C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qhs710_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC1EF23D-0818-45EC-994D-724386942A71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qhs710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B69BD90A-2A66-4BFB-A0C4-D3ADB8411041",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qsr10ga_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F592DA6-9495-4E3C-A79B-A28DD6874520",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qsr10ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99041EF1-ED9D-4353-8E01-0B8CB22DA2C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qsr10gu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AD4080-696E-4C46-B783-9004FA2C45AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qsr10gu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C87E0F74-9B42-443F-8C3B-8FC9D4BFD510",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv840_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BE706-C865-49B1-8362-582F5EBD1ABC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3E4D33-5A1B-4433-91BB-250B3F450E91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv840c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDEF7C9-D357-49F9-9EAF-09A1EA553308",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv840c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C408E3F-1E76-4C8B-B7B1-66AE354E8F50",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv860_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72DECB62-7BBE-4D28-BEDA-49B7B1B0EEEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "188A2714-610D-478D-AC78-6B1ECB630262",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv940_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B67844F-5D25-480E-A4E7-D1B479B29F18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv940:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E753ABE-FB01-44AB-A3B4-11CE6324F695",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv942c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBE3DDB-C027-4E42-931F-37049B9342FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv942c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "844142EA-A9D6-43D0-AAAB-60F278B548E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv952c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6DE9F57-D6A3-4754-B8B5-1778AE4744E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv952c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD87FBC-0311-41E1-84FA-943B61DA24CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-s5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94644163-15D7-4008-926F-60D2FC9E5C26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-s5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3A35F1-8882-4712-9373-0D557F782C21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-a12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9BA025-1514-444D-A0EC-5E672C5D0D93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-a12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "602A5E47-972E-4F89-893B-57526C047F4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-t12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95A768A1-E025-4D32-81C6-55AE8F099B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-t12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "290A68E7-3CFC-4517-8FB7-5F372A2B569A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-t8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5849D0A2-BE17-46EC-979C-A36B88C1DDC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-t8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4221C204-94FD-4951-87FB-F5EAD0E1D315",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\n\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
},
{
"lang": "es",
"value": "El Chipset Wi-Fi Quantenna se entrega con un script de control local, router_command.sh (en el argumento sync_time), vulnerable a la inyecci\u00f3n de comandos. Se trata de una instancia de CWE-88, \"Neutralizaci\u00f3n incorrecta de delimitadores de argumentos en un comando (\u0027Inyecci\u00f3n de argumentos\u0027)\", y se estima como CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Este problema afecta al chipset Quantenna Wi-Fi hasta la versi\u00f3n 8.0.0.28 del \u00faltimo SDK, y parece no tener parche en el momento de la primera publicaci\u00f3n de este registro CVE, aunque el proveedor ha publicado una gu\u00eda de mejores pr\u00e1cticas para los implementadores de este chipset."
}
],
"id": "CVE-2025-32459",
"lastModified": "2026-01-21T15:51:22.683",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2,
"source": "cve@takeonme.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-08T21:15:31.673",
"references": [
{
"source": "cve@takeonme.org",
"tags": [
"Release Notes"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
},
{
"source": "cve@takeonme.org",
"tags": [
"Not Applicable"
],
"url": "https://takeonme.org/cves/cve-2025-3460"
}
],
"sourceIdentifier": "cve@takeonme.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "cve@takeonme.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-32458
Vulnerability from fkie_nvd - Published: 2025-06-08 21:15 - Updated: 2026-01-21 15:46
Severity ?
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| onsemi | qcs-ax3-s5_firmware | - | |
| onsemi | qcs-ax3-s5 | - | |
| onsemi | qcs-ax2-a12_firmware | - | |
| onsemi | qcs-ax2-a12 | - | |
| onsemi | qcs-ax2-t12_firmware | - | |
| onsemi | qcs-ax2-t12 | - | |
| onsemi | qcs-ax2-t8_firmware | - | |
| onsemi | qcs-ax2-t8 | - | |
| onsemi | qd840_firmware | - | |
| onsemi | qd840 | - | |
| onsemi | qhs710_firmware | - | |
| onsemi | qhs710 | - | |
| onsemi | qsr10ga_firmware | - | |
| onsemi | qsr10ga | - | |
| onsemi | qsr10gu_firmware | - | |
| onsemi | qsr10gu | - | |
| onsemi | qv840_firmware | - | |
| onsemi | qv840 | - | |
| onsemi | qv840c_firmware | - | |
| onsemi | qv840c | - | |
| onsemi | qv860_firmware | - | |
| onsemi | qv860 | - | |
| onsemi | qv940_firmware | - | |
| onsemi | qv940 | - | |
| onsemi | qv942c_firmware | - | |
| onsemi | qv942c | - | |
| onsemi | qv952c_firmware | - | |
| onsemi | qv952c | - | |
| onsemi | qcs-ax2-s5_firmware | - | |
| onsemi | qcs-ax2-s5 | - | |
| onsemi | qcs-ax3-a12_firmware | - | |
| onsemi | qcs-ax3-a12 | - | |
| onsemi | qcs-ax3-t12_firmware | - | |
| onsemi | qcs-ax3-t12 | - | |
| onsemi | qcs-ax3-t8_firmware | - | |
| onsemi | qcs-ax3-t8 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-s5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C5D4D8E-A41C-4D0C-9578-E69DC5DDB3D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-s5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB0AC0AF-7C11-4905-B211-111212998385",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-a12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D414E9E4-6F93-4EA8-84DC-905922FDBD06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-a12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79562B8A-BB90-4177-BAB3-1416068267EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-t12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE696B7A-5577-4FCB-A03F-E0DC559D59DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-t12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53245E1E-E042-4E5E-AC29-ADD8E2A50B10",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-t8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEE75DF-ED15-4668-A3A8-045F1FC49146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-t8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1B80A5-C5E1-4E27-A29F-AAE8E0CCB5D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qd840_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "201FE93B-24B3-4A7C-B70D-DC5BEDAA3ABE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qd840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AED31B5-45B4-4B29-AFF6-30EA105E614C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qhs710_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC1EF23D-0818-45EC-994D-724386942A71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qhs710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B69BD90A-2A66-4BFB-A0C4-D3ADB8411041",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qsr10ga_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F592DA6-9495-4E3C-A79B-A28DD6874520",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qsr10ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99041EF1-ED9D-4353-8E01-0B8CB22DA2C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qsr10gu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AD4080-696E-4C46-B783-9004FA2C45AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qsr10gu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C87E0F74-9B42-443F-8C3B-8FC9D4BFD510",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv840_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BE706-C865-49B1-8362-582F5EBD1ABC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3E4D33-5A1B-4433-91BB-250B3F450E91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv840c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDEF7C9-D357-49F9-9EAF-09A1EA553308",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv840c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C408E3F-1E76-4C8B-B7B1-66AE354E8F50",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv860_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72DECB62-7BBE-4D28-BEDA-49B7B1B0EEEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "188A2714-610D-478D-AC78-6B1ECB630262",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv940_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B67844F-5D25-480E-A4E7-D1B479B29F18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv940:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E753ABE-FB01-44AB-A3B4-11CE6324F695",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv942c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBE3DDB-C027-4E42-931F-37049B9342FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv942c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "844142EA-A9D6-43D0-AAAB-60F278B548E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv952c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6DE9F57-D6A3-4754-B8B5-1778AE4744E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv952c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD87FBC-0311-41E1-84FA-943B61DA24CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-s5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94644163-15D7-4008-926F-60D2FC9E5C26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-s5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3A35F1-8882-4712-9373-0D557F782C21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-a12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9BA025-1514-444D-A0EC-5E672C5D0D93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-a12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "602A5E47-972E-4F89-893B-57526C047F4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-t12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95A768A1-E025-4D32-81C6-55AE8F099B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-t12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "290A68E7-3CFC-4517-8FB7-5F372A2B569A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-t8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5849D0A2-BE17-46EC-979C-A36B88C1DDC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-t8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4221C204-94FD-4951-87FB-F5EAD0E1D315",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
},
{
"lang": "es",
"value": "El Chipset Wi-Fi Quantenna se entrega con un script de control local, router_command.sh (en el argumento get_syslog_from_qtn), vulnerable a la inyecci\u00f3n de comandos. Se trata de una instancia de CWE-88, \"Neutralizaci\u00f3n incorrecta de delimitadores de argumentos en un comando (\u0027Inyecci\u00f3n de argumentos\u0027)\", y se estima como CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Este problema afecta al chipset Quantenna Wi-Fi hasta la versi\u00f3n 8.0.0.28 del \u00faltimo SDK, y parece no tener parche en el momento de la primera publicaci\u00f3n de este registro CVE, aunque el proveedor ha publicado una gu\u00eda de mejores pr\u00e1cticas para los implementadores de este chipset."
}
],
"id": "CVE-2025-32458",
"lastModified": "2026-01-21T15:46:45.133",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2,
"source": "cve@takeonme.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-08T21:15:31.537",
"references": [
{
"source": "cve@takeonme.org",
"tags": [
"Release Notes"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
},
{
"source": "cve@takeonme.org",
"tags": [
"Not Applicable"
],
"url": "https://takeonme.org/cves/cve-2025-3460"
}
],
"sourceIdentifier": "cve@takeonme.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "cve@takeonme.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-32455
Vulnerability from fkie_nvd - Published: 2025-06-08 21:15 - Updated: 2026-01-13 20:12
Severity ?
7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| onsemi | qcs-ax3-s5_firmware | - | |
| onsemi | qcs-ax3-s5 | - | |
| onsemi | qcs-ax2-a12_firmware | - | |
| onsemi | qcs-ax2-a12 | - | |
| onsemi | qcs-ax2-t12_firmware | - | |
| onsemi | qcs-ax2-t12 | - | |
| onsemi | qcs-ax2-t8_firmware | - | |
| onsemi | qcs-ax2-t8 | - | |
| onsemi | qd840_firmware | - | |
| onsemi | qd840 | - | |
| onsemi | qhs710_firmware | - | |
| onsemi | qhs710 | - | |
| onsemi | qsr10ga_firmware | - | |
| onsemi | qsr10ga | - | |
| onsemi | qsr10gu_firmware | - | |
| onsemi | qsr10gu | - | |
| onsemi | qv840_firmware | - | |
| onsemi | qv840 | - | |
| onsemi | qv840c_firmware | - | |
| onsemi | qv840c | - | |
| onsemi | qv860_firmware | - | |
| onsemi | qv860 | - | |
| onsemi | qv940_firmware | - | |
| onsemi | qv940 | - | |
| onsemi | qv942c_firmware | - | |
| onsemi | qv942c | - | |
| onsemi | qv952c_firmware | - | |
| onsemi | qv952c | - | |
| onsemi | qcs-ax2-s5_firmware | - | |
| onsemi | qcs-ax2-s5 | - | |
| onsemi | qcs-ax3-a12_firmware | - | |
| onsemi | qcs-ax3-a12 | - | |
| onsemi | qcs-ax3-t12_firmware | - | |
| onsemi | qcs-ax3-t12 | - | |
| onsemi | qcs-ax3-t8_firmware | - | |
| onsemi | qcs-ax3-t8 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-s5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C5D4D8E-A41C-4D0C-9578-E69DC5DDB3D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-s5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB0AC0AF-7C11-4905-B211-111212998385",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-a12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D414E9E4-6F93-4EA8-84DC-905922FDBD06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-a12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "79562B8A-BB90-4177-BAB3-1416068267EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-t12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE696B7A-5577-4FCB-A03F-E0DC559D59DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-t12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53245E1E-E042-4E5E-AC29-ADD8E2A50B10",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-t8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEE75DF-ED15-4668-A3A8-045F1FC49146",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-t8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1B80A5-C5E1-4E27-A29F-AAE8E0CCB5D5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qd840_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "201FE93B-24B3-4A7C-B70D-DC5BEDAA3ABE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qd840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AED31B5-45B4-4B29-AFF6-30EA105E614C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qhs710_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC1EF23D-0818-45EC-994D-724386942A71",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qhs710:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B69BD90A-2A66-4BFB-A0C4-D3ADB8411041",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qsr10ga_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F592DA6-9495-4E3C-A79B-A28DD6874520",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qsr10ga:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99041EF1-ED9D-4353-8E01-0B8CB22DA2C3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qsr10gu_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9AD4080-696E-4C46-B783-9004FA2C45AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qsr10gu:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C87E0F74-9B42-443F-8C3B-8FC9D4BFD510",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv840_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD2BE706-C865-49B1-8362-582F5EBD1ABC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv840:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB3E4D33-5A1B-4433-91BB-250B3F450E91",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv840c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DDEF7C9-D357-49F9-9EAF-09A1EA553308",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv840c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C408E3F-1E76-4C8B-B7B1-66AE354E8F50",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv860_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72DECB62-7BBE-4D28-BEDA-49B7B1B0EEEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv860:-:*:*:*:*:*:*:*",
"matchCriteriaId": "188A2714-610D-478D-AC78-6B1ECB630262",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv940_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B67844F-5D25-480E-A4E7-D1B479B29F18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv940:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E753ABE-FB01-44AB-A3B4-11CE6324F695",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv942c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBE3DDB-C027-4E42-931F-37049B9342FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv942c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "844142EA-A9D6-43D0-AAAB-60F278B548E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qv952c_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E6DE9F57-D6A3-4754-B8B5-1778AE4744E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qv952c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD87FBC-0311-41E1-84FA-943B61DA24CA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax2-s5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94644163-15D7-4008-926F-60D2FC9E5C26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax2-s5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3A35F1-8882-4712-9373-0D557F782C21",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-a12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9BA025-1514-444D-A0EC-5E672C5D0D93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-a12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "602A5E47-972E-4F89-893B-57526C047F4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-t12_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95A768A1-E025-4D32-81C6-55AE8F099B4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-t12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "290A68E7-3CFC-4517-8FB7-5F372A2B569A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:onsemi:qcs-ax3-t8_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5849D0A2-BE17-46EC-979C-A36B88C1DDC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:onsemi:qcs-ax3-t8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4221C204-94FD-4951-87FB-F5EAD0E1D315",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\n\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
},
{
"lang": "es",
"value": "El Chipset Wi-Fi Quantenna se entrega con un script de control local, router_command.sh (en el argumento run_cmd), vulnerable a la inyecci\u00f3n de comandos. Se trata de una instancia de CWE-88, \"Neutralizaci\u00f3n incorrecta de delimitadores de argumentos en un comando (\u0027Inyecci\u00f3n de argumentos\u0027)\", y se estima como CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Este problema afecta al chipset Quantenna Wi-Fi hasta la versi\u00f3n 8.0.0.28 del \u00faltimo SDK, y parece no tener parche en el momento de la primera publicaci\u00f3n de este registro CVE, aunque el proveedor ha publicado una gu\u00eda de mejores pr\u00e1cticas para los implementadores de este chipset."
}
],
"id": "CVE-2025-32455",
"lastModified": "2026-01-13T20:12:22.423",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2,
"source": "cve@takeonme.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-08T21:15:30.993",
"references": [
{
"source": "cve@takeonme.org",
"tags": [
"Release Notes"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
},
{
"source": "cve@takeonme.org",
"tags": [
"Not Applicable"
],
"url": "https://takeonme.org/cves/cve-2025-3460"
}
],
"sourceIdentifier": "cve@takeonme.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "cve@takeonme.org",
"type": "Secondary"
}
]
}
CVE-2025-3461 (GCVE-0-2025-3461)
Vulnerability from nvd – Published: 2025-06-08 21:02 – Updated: 2025-06-09 18:37
VLAI?
Title
ON Semiconductor Quantenna Telnet Missing Authentication
Summary
The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity ?
9.1 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ON Semiconductor | Quantenna Wi-Fi chipset |
Affected:
0 , ≤ 8.0.0.28
(custom)
|
Credits
Ricky "HeadlessZeke" Lawshae of Keysight
todb
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:02:18.870403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:02:24.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Quantenna Wi-Fi chipset",
"vendor": "ON Semiconductor",
"versions": [
{
"lessThanOrEqual": "8.0.0.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ricky \"HeadlessZeke\" Lawshae of Keysight"
},
{
"lang": "en",
"type": "coordinator",
"value": "todb"
}
],
"datePublic": "2025-06-08T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, \"Missing Authentication for Critical Function,\" and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\u003cbr\u003e\u003cp\u003eThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset.\u003c/p\u003e"
}
],
"value": "The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, \"Missing Authentication for Critical Function,\" and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:37:14.718Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://takeonme.org/cves/cve-2025-3461/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ON Semiconductor Quantenna Telnet Missing Authentication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2025-3461",
"datePublished": "2025-06-08T21:02:37.521Z",
"dateReserved": "2025-04-08T23:41:09.376Z",
"dateUpdated": "2025-06-09T18:37:14.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3460 (GCVE-0-2025-3460)
Vulnerability from nvd – Published: 2025-06-08 21:02 – Updated: 2025-06-09 18:33
VLAI?
Title
ON Semiconductor Quantenna set_tx_pow Argument Injection
Summary
The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity ?
7.7 (High)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ON Semiconductor | Quantenna Wi-Fi chipset |
Affected:
0 , ≤ 8.0.0.28
(custom)
|
Credits
Ricky "HeadlessZeke" Lawshae of Keysight
todb
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:02:58.903057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:03:04.372Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Quantenna Wi-Fi chipset",
"vendor": "ON Semiconductor",
"versions": [
{
"lessThanOrEqual": "8.0.0.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ricky \"HeadlessZeke\" Lawshae of Keysight"
},
{
"lang": "en",
"type": "coordinator",
"value": "todb"
}
],
"datePublic": "2025-06-08T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7\u0026nbsp;(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\u003cbr\u003e\u003cp\u003eThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset.\u003c/p\u003e"
}
],
"value": "The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7\u00a0(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:33:57.925Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://takeonme.org/cves/cve-2025-3460"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ON Semiconductor Quantenna set_tx_pow Argument Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2025-3460",
"datePublished": "2025-06-08T21:02:24.334Z",
"dateReserved": "2025-04-08T23:41:08.314Z",
"dateUpdated": "2025-06-09T18:33:57.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3459 (GCVE-0-2025-3459)
Vulnerability from nvd – Published: 2025-06-08 21:02 – Updated: 2025-06-09 18:36
VLAI?
Title
ON Semiconductor Quantenna transmit_file Argument Injection
Summary
The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity ?
7.7 (High)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ON Semiconductor | Quantenna Wi-Fi chipset |
Affected:
0 , ≤ 8.0.0.28
(custom)
|
Credits
Ricky "HeadlessZeke" Lawshae of Keysight
todb
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:03:20.052450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:03:25.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Quantenna Wi-Fi chipset",
"vendor": "ON Semiconductor",
"versions": [
{
"lessThanOrEqual": "8.0.0.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ricky \"HeadlessZeke\" Lawshae of Keysight"
},
{
"lang": "en",
"type": "coordinator",
"value": "todb"
}
],
"datePublic": "2025-06-08T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\u003cbr\u003e\u003cp\u003eThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset.\u003c/p\u003e"
}
],
"value": "The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:36:35.345Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://takeonme.org/cves/cve-2025-3459"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ON Semiconductor Quantenna transmit_file Argument Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2025-3459",
"datePublished": "2025-06-08T21:02:09.918Z",
"dateReserved": "2025-04-08T23:41:07.346Z",
"dateUpdated": "2025-06-09T18:36:35.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32456 (GCVE-0-2025-32456)
Vulnerability from nvd – Published: 2025-06-08 21:03 – Updated: 2025-06-10 13:24
VLAI?
Title
ON Semiconductor Quantenna router_command.sh (in the put_file_to_qtn argument) Argument Injection
Summary
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity ?
7.7 (High)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ON Semiconductor | Quantenna Wi-Fi chipset |
Affected:
0 , ≤ 8.0.0.28
(custom)
|
Credits
Ricky "HeadlessZeke" Lawshae of Keysight
todb
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32456",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T03:27:57.822249Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T13:24:14.742Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Quantenna Wi-Fi chipset",
"vendor": "ON Semiconductor",
"versions": [
{
"lessThanOrEqual": "8.0.0.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ricky \"HeadlessZeke\" Lawshae of Keysight"
},
{
"lang": "en",
"type": "coordinator",
"value": "todb"
}
],
"datePublic": "2025-06-08T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7\u0026nbsp;(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\u003cbr\u003e\u003cp\u003eThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset.\u003c/p\u003e"
}
],
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7\u00a0(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:39:25.998Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://takeonme.org/cves/cve-2025-3460"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ON Semiconductor Quantenna router_command.sh (in the put_file_to_qtn argument) Argument Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2025-32456",
"datePublished": "2025-06-08T21:03:12.814Z",
"dateReserved": "2025-04-08T23:41:04.752Z",
"dateUpdated": "2025-06-10T13:24:14.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32459 (GCVE-0-2025-32459)
Vulnerability from nvd – Published: 2025-06-08 21:04 – Updated: 2025-06-10 13:22
VLAI?
Title
ON Semiconductor Quantenna router_command.sh (in the sync_time argument) Argument Injection
Summary
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity ?
7.7 (High)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ON Semiconductor | Quantenna Wi-Fi chipset |
Affected:
0 , ≤ 8.0.0.28
(custom)
|
Credits
Ricky "HeadlessZeke" Lawshae of Keysight
todb
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T03:24:11.770310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T13:22:40.590Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Quantenna Wi-Fi chipset",
"vendor": "ON Semiconductor",
"versions": [
{
"lessThanOrEqual": "8.0.0.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ricky \"HeadlessZeke\" Lawshae of Keysight"
},
{
"lang": "en",
"type": "coordinator",
"value": "todb"
}
],
"datePublic": "2025-06-08T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\u003cbr\u003e\u003cbr\u003eThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
}
],
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\n\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:37:45.430Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://takeonme.org/cves/cve-2025-3460"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ON Semiconductor Quantenna router_command.sh (in the sync_time argument) Argument Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2025-32459",
"datePublished": "2025-06-08T21:04:25.317Z",
"dateReserved": "2025-04-08T23:41:04.753Z",
"dateUpdated": "2025-06-10T13:22:40.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32458 (GCVE-0-2025-32458)
Vulnerability from nvd – Published: 2025-06-08 21:04 – Updated: 2025-06-10 13:23
VLAI?
Title
ON Semiconductor Quantenna router_command.sh (in the get_syslog_from_qtn argument) Argument Injection
Summary
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity ?
7.7 (High)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ON Semiconductor | Quantenna Wi-Fi chipset |
Affected:
0 , ≤ 8.0.0.28
(custom)
|
Credits
Ricky "HeadlessZeke" Lawshae of Keysight
todb
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32458",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T03:25:16.513260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T13:23:10.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Quantenna Wi-Fi chipset",
"vendor": "ON Semiconductor",
"versions": [
{
"lessThanOrEqual": "8.0.0.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ricky \"HeadlessZeke\" Lawshae of Keysight"
},
{
"lang": "en",
"type": "coordinator",
"value": "todb"
}
],
"datePublic": "2025-06-08T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\u003cbr\u003e\u003cp\u003eThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset.\u003c/p\u003e"
}
],
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:39:52.055Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://takeonme.org/cves/cve-2025-3460"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ON Semiconductor Quantenna router_command.sh (in the get_syslog_from_qtn argument) Argument Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2025-32458",
"datePublished": "2025-06-08T21:04:12.492Z",
"dateReserved": "2025-04-08T23:41:04.752Z",
"dateUpdated": "2025-06-10T13:23:10.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32457 (GCVE-0-2025-32457)
Vulnerability from nvd – Published: 2025-06-08 21:03 – Updated: 2025-06-10 13:23
VLAI?
Title
ON Semiconductor Quantenna router_command.sh (in the get_file_from_qtn argument) Argument Injection
Summary
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity ?
7.7 (High)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ON Semiconductor | Quantenna Wi-Fi chipset |
Affected:
0 , ≤ 8.0.0.28
(custom)
|
Credits
Ricky "HeadlessZeke" Lawshae of Keysight
todb
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32457",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T03:27:01.682269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T13:23:32.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Quantenna Wi-Fi chipset",
"vendor": "ON Semiconductor",
"versions": [
{
"lessThanOrEqual": "8.0.0.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ricky \"HeadlessZeke\" Lawshae of Keysight"
},
{
"lang": "en",
"type": "coordinator",
"value": "todb"
}
],
"datePublic": "2025-06-08T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset.\u003c/p\u003e"
}
],
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7\u00a0(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:39:03.969Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://takeonme.org/cves/cve-2025-3460"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ON Semiconductor Quantenna router_command.sh (in the get_file_from_qtn argument) Argument Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2025-32457",
"datePublished": "2025-06-08T21:03:24.532Z",
"dateReserved": "2025-04-08T23:41:04.752Z",
"dateUpdated": "2025-06-10T13:23:32.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32455 (GCVE-0-2025-32455)
Vulnerability from nvd – Published: 2025-06-08 21:02 – Updated: 2025-06-09 18:38
VLAI?
Title
ON Semiconductor Quantenna router_command.sh (in the run_cmd argument) Argument Injection
Summary
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity ?
7.7 (High)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ON Semiconductor | Quantenna Wi-Fi chipset |
Affected:
0 , ≤ 8.0.0.28
(custom)
|
Credits
Ricky "HeadlessZeke" Lawshae of Keysight
todb
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32455",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:01:33.594336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:01:41.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Quantenna Wi-Fi chipset",
"vendor": "ON Semiconductor",
"versions": [
{
"lessThanOrEqual": "8.0.0.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ricky \"HeadlessZeke\" Lawshae of Keysight"
},
{
"lang": "en",
"type": "coordinator",
"value": "todb"
}
],
"datePublic": "2025-06-08T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\u003cbr\u003e\u003cbr\u003eThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
}
],
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\n\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:38:09.297Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://takeonme.org/cves/cve-2025-3460"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ON Semiconductor Quantenna router_command.sh (in the run_cmd argument) Argument Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2025-32455",
"datePublished": "2025-06-08T21:02:58.816Z",
"dateReserved": "2025-04-08T23:41:04.752Z",
"dateUpdated": "2025-06-09T18:38:09.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32459 (GCVE-0-2025-32459)
Vulnerability from cvelistv5 – Published: 2025-06-08 21:04 – Updated: 2025-06-10 13:22
VLAI?
Title
ON Semiconductor Quantenna router_command.sh (in the sync_time argument) Argument Injection
Summary
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity ?
7.7 (High)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ON Semiconductor | Quantenna Wi-Fi chipset |
Affected:
0 , ≤ 8.0.0.28
(custom)
|
Credits
Ricky "HeadlessZeke" Lawshae of Keysight
todb
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T03:24:11.770310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T13:22:40.590Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Quantenna Wi-Fi chipset",
"vendor": "ON Semiconductor",
"versions": [
{
"lessThanOrEqual": "8.0.0.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ricky \"HeadlessZeke\" Lawshae of Keysight"
},
{
"lang": "en",
"type": "coordinator",
"value": "todb"
}
],
"datePublic": "2025-06-08T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\u003cbr\u003e\u003cbr\u003eThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
}
],
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\n\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:37:45.430Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://takeonme.org/cves/cve-2025-3460"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ON Semiconductor Quantenna router_command.sh (in the sync_time argument) Argument Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2025-32459",
"datePublished": "2025-06-08T21:04:25.317Z",
"dateReserved": "2025-04-08T23:41:04.753Z",
"dateUpdated": "2025-06-10T13:22:40.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32458 (GCVE-0-2025-32458)
Vulnerability from cvelistv5 – Published: 2025-06-08 21:04 – Updated: 2025-06-10 13:23
VLAI?
Title
ON Semiconductor Quantenna router_command.sh (in the get_syslog_from_qtn argument) Argument Injection
Summary
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity ?
7.7 (High)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ON Semiconductor | Quantenna Wi-Fi chipset |
Affected:
0 , ≤ 8.0.0.28
(custom)
|
Credits
Ricky "HeadlessZeke" Lawshae of Keysight
todb
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32458",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T03:25:16.513260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T13:23:10.764Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Quantenna Wi-Fi chipset",
"vendor": "ON Semiconductor",
"versions": [
{
"lessThanOrEqual": "8.0.0.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ricky \"HeadlessZeke\" Lawshae of Keysight"
},
{
"lang": "en",
"type": "coordinator",
"value": "todb"
}
],
"datePublic": "2025-06-08T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\u003cbr\u003e\u003cp\u003eThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset.\u003c/p\u003e"
}
],
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:39:52.055Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://takeonme.org/cves/cve-2025-3460"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ON Semiconductor Quantenna router_command.sh (in the get_syslog_from_qtn argument) Argument Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2025-32458",
"datePublished": "2025-06-08T21:04:12.492Z",
"dateReserved": "2025-04-08T23:41:04.752Z",
"dateUpdated": "2025-06-10T13:23:10.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32457 (GCVE-0-2025-32457)
Vulnerability from cvelistv5 – Published: 2025-06-08 21:03 – Updated: 2025-06-10 13:23
VLAI?
Title
ON Semiconductor Quantenna router_command.sh (in the get_file_from_qtn argument) Argument Injection
Summary
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity ?
7.7 (High)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ON Semiconductor | Quantenna Wi-Fi chipset |
Affected:
0 , ≤ 8.0.0.28
(custom)
|
Credits
Ricky "HeadlessZeke" Lawshae of Keysight
todb
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32457",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T03:27:01.682269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T13:23:32.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Quantenna Wi-Fi chipset",
"vendor": "ON Semiconductor",
"versions": [
{
"lessThanOrEqual": "8.0.0.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ricky \"HeadlessZeke\" Lawshae of Keysight"
},
{
"lang": "en",
"type": "coordinator",
"value": "todb"
}
],
"datePublic": "2025-06-08T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset.\u003c/p\u003e"
}
],
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7\u00a0(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:39:03.969Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://takeonme.org/cves/cve-2025-3460"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ON Semiconductor Quantenna router_command.sh (in the get_file_from_qtn argument) Argument Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2025-32457",
"datePublished": "2025-06-08T21:03:24.532Z",
"dateReserved": "2025-04-08T23:41:04.752Z",
"dateUpdated": "2025-06-10T13:23:32.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32456 (GCVE-0-2025-32456)
Vulnerability from cvelistv5 – Published: 2025-06-08 21:03 – Updated: 2025-06-10 13:24
VLAI?
Title
ON Semiconductor Quantenna router_command.sh (in the put_file_to_qtn argument) Argument Injection
Summary
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity ?
7.7 (High)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ON Semiconductor | Quantenna Wi-Fi chipset |
Affected:
0 , ≤ 8.0.0.28
(custom)
|
Credits
Ricky "HeadlessZeke" Lawshae of Keysight
todb
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32456",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T03:27:57.822249Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T13:24:14.742Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Quantenna Wi-Fi chipset",
"vendor": "ON Semiconductor",
"versions": [
{
"lessThanOrEqual": "8.0.0.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ricky \"HeadlessZeke\" Lawshae of Keysight"
},
{
"lang": "en",
"type": "coordinator",
"value": "todb"
}
],
"datePublic": "2025-06-08T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7\u0026nbsp;(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\u003cbr\u003e\u003cp\u003eThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset.\u003c/p\u003e"
}
],
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7\u00a0(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:39:25.998Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://takeonme.org/cves/cve-2025-3460"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ON Semiconductor Quantenna router_command.sh (in the put_file_to_qtn argument) Argument Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2025-32456",
"datePublished": "2025-06-08T21:03:12.814Z",
"dateReserved": "2025-04-08T23:41:04.752Z",
"dateUpdated": "2025-06-10T13:24:14.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32455 (GCVE-0-2025-32455)
Vulnerability from cvelistv5 – Published: 2025-06-08 21:02 – Updated: 2025-06-09 18:38
VLAI?
Title
ON Semiconductor Quantenna router_command.sh (in the run_cmd argument) Argument Injection
Summary
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity ?
7.7 (High)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ON Semiconductor | Quantenna Wi-Fi chipset |
Affected:
0 , ≤ 8.0.0.28
(custom)
|
Credits
Ricky "HeadlessZeke" Lawshae of Keysight
todb
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32455",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:01:33.594336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:01:41.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Quantenna Wi-Fi chipset",
"vendor": "ON Semiconductor",
"versions": [
{
"lessThanOrEqual": "8.0.0.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ricky \"HeadlessZeke\" Lawshae of Keysight"
},
{
"lang": "en",
"type": "coordinator",
"value": "todb"
}
],
"datePublic": "2025-06-08T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\u003cbr\u003e\u003cbr\u003eThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
}
],
"value": "The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\n\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:38:09.297Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://takeonme.org/cves/cve-2025-3460"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ON Semiconductor Quantenna router_command.sh (in the run_cmd argument) Argument Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2025-32455",
"datePublished": "2025-06-08T21:02:58.816Z",
"dateReserved": "2025-04-08T23:41:04.752Z",
"dateUpdated": "2025-06-09T18:38:09.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3461 (GCVE-0-2025-3461)
Vulnerability from cvelistv5 – Published: 2025-06-08 21:02 – Updated: 2025-06-09 18:37
VLAI?
Title
ON Semiconductor Quantenna Telnet Missing Authentication
Summary
The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity ?
9.1 (Critical)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ON Semiconductor | Quantenna Wi-Fi chipset |
Affected:
0 , ≤ 8.0.0.28
(custom)
|
Credits
Ricky "HeadlessZeke" Lawshae of Keysight
todb
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:02:18.870403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:02:24.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Quantenna Wi-Fi chipset",
"vendor": "ON Semiconductor",
"versions": [
{
"lessThanOrEqual": "8.0.0.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ricky \"HeadlessZeke\" Lawshae of Keysight"
},
{
"lang": "en",
"type": "coordinator",
"value": "todb"
}
],
"datePublic": "2025-06-08T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, \"Missing Authentication for Critical Function,\" and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\u003cbr\u003e\u003cp\u003eThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset.\u003c/p\u003e"
}
],
"value": "The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, \"Missing Authentication for Critical Function,\" and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:37:14.718Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://takeonme.org/cves/cve-2025-3461/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ON Semiconductor Quantenna Telnet Missing Authentication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2025-3461",
"datePublished": "2025-06-08T21:02:37.521Z",
"dateReserved": "2025-04-08T23:41:09.376Z",
"dateUpdated": "2025-06-09T18:37:14.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3460 (GCVE-0-2025-3460)
Vulnerability from cvelistv5 – Published: 2025-06-08 21:02 – Updated: 2025-06-09 18:33
VLAI?
Title
ON Semiconductor Quantenna set_tx_pow Argument Injection
Summary
The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity ?
7.7 (High)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ON Semiconductor | Quantenna Wi-Fi chipset |
Affected:
0 , ≤ 8.0.0.28
(custom)
|
Credits
Ricky "HeadlessZeke" Lawshae of Keysight
todb
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:02:58.903057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:03:04.372Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Quantenna Wi-Fi chipset",
"vendor": "ON Semiconductor",
"versions": [
{
"lessThanOrEqual": "8.0.0.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ricky \"HeadlessZeke\" Lawshae of Keysight"
},
{
"lang": "en",
"type": "coordinator",
"value": "todb"
}
],
"datePublic": "2025-06-08T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7\u0026nbsp;(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\u003cbr\u003e\u003cp\u003eThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset.\u003c/p\u003e"
}
],
"value": "The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7\u00a0(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:33:57.925Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://takeonme.org/cves/cve-2025-3460"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ON Semiconductor Quantenna set_tx_pow Argument Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2025-3460",
"datePublished": "2025-06-08T21:02:24.334Z",
"dateReserved": "2025-04-08T23:41:08.314Z",
"dateUpdated": "2025-06-09T18:33:57.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3459 (GCVE-0-2025-3459)
Vulnerability from cvelistv5 – Published: 2025-06-08 21:02 – Updated: 2025-06-09 18:36
VLAI?
Title
ON Semiconductor Quantenna transmit_file Argument Injection
Summary
The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity ?
7.7 (High)
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ON Semiconductor | Quantenna Wi-Fi chipset |
Affected:
0 , ≤ 8.0.0.28
(custom)
|
Credits
Ricky "HeadlessZeke" Lawshae of Keysight
todb
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:03:20.052450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:03:25.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Quantenna Wi-Fi chipset",
"vendor": "ON Semiconductor",
"versions": [
{
"lessThanOrEqual": "8.0.0.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ricky \"HeadlessZeke\" Lawshae of Keysight"
},
{
"lang": "en",
"type": "coordinator",
"value": "todb"
}
],
"datePublic": "2025-06-08T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\u003cbr\u003e\u003cp\u003eThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset.\u003c/p\u003e"
}
],
"value": "The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027),\" and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:36:35.345Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://takeonme.org/cves/cve-2025-3459"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ON Semiconductor Quantenna transmit_file Argument Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2025-3459",
"datePublished": "2025-06-08T21:02:09.918Z",
"dateReserved": "2025-04-08T23:41:07.346Z",
"dateUpdated": "2025-06-09T18:36:35.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}