CVE-2025-3461 (GCVE-0-2025-3461)

Vulnerability from cvelistv5 – Published: 2025-06-08 21:02 – Updated: 2025-06-09 18:37
VLAI?
Summary
The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Severity ?
9.1 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE
  • CWE-306 - Missing Authentication for Critical Function
Assigner
AHA
References
Impacted products
Vendor Product Version
ON Semiconductor Quantenna Wi-Fi chipset Affected: 0 , ≤ 8.0.0.28 (custom)
Create a notification for this product.
Credits
Ricky "HeadlessZeke" Lawshae of Keysight todb
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3461",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-09T15:02:18.870403Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-09T15:02:24.532Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Quantenna Wi-Fi chipset",
          "vendor": "ON Semiconductor",
          "versions": [
            {
              "lessThanOrEqual": "8.0.0.28",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ricky \"HeadlessZeke\" Lawshae of Keysight"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "todb"
        }
      ],
      "datePublic": "2025-06-08T21:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, \"Missing Authentication for Critical Function,\" and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\u003cbr\u003e\u003cp\u003eThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset.\u003c/p\u003e"
            }
          ],
          "value": "The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, \"Missing Authentication for Critical Function,\" and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-09T18:37:14.718Z",
        "orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
        "shortName": "AHA"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://takeonme.org/cves/cve-2025-3461/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "ON Semiconductor Quantenna Telnet Missing Authentication",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
    "assignerShortName": "AHA",
    "cveId": "CVE-2025-3461",
    "datePublished": "2025-06-08T21:02:37.521Z",
    "dateReserved": "2025-04-08T23:41:09.376Z",
    "dateUpdated": "2025-06-09T18:37:14.718Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-3461\",\"sourceIdentifier\":\"cve@takeonme.org\",\"published\":\"2025-06-08T21:15:33.030\",\"lastModified\":\"2025-06-09T19:15:24.923\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, \\\"Missing Authentication for Critical Function,\\\" and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset.\"},{\"lang\":\"es\",\"value\":\"Los Chips Wi-Fi Quantenna se entregan con una interfaz Telnet no autenticada por defecto. Se trata de una instancia de CWE-306, \\\"Falta de autenticaci\u00f3n para funci\u00f3n cr\u00edtica\\\", y se estima que es un CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Este problema afecta al chipset Wi-Fi Quantenna hasta la versi\u00f3n 8.0.0.28 del SDK m\u00e1s reciente y, al parecer, no se hab\u00eda corregido al momento de la publicaci\u00f3n inicial de este registro CVE, aunque el proveedor ha publicado una gu\u00eda de pr\u00e1cticas recomendadas para los implementadores de este chipset.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@takeonme.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"cve@takeonme.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"references\":[{\"url\":\"https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices\",\"source\":\"cve@takeonme.org\"},{\"url\":\"https://takeonme.org/cves/cve-2025-3461/\",\"source\":\"cve@takeonme.org\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"ON Semiconductor Quantenna Telnet Missing Authentication\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Ricky \\\"HeadlessZeke\\\" Lawshae of Keysight\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"todb\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"ON Semiconductor\", \"product\": \"Quantenna Wi-Fi chipset\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"8.0.0.28\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-06-08T21:00:00.000Z\", \"references\": [{\"url\": \"https://takeonme.org/cves/cve-2025-3461/\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, \\\"Missing Authentication for Critical Function,\\\" and is estimated as a CVSS 9.1 ( CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) .\\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, \\\"Missing Authentication for Critical Function,\\\" and is estimated as a CVSS 9.1 (\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)\\\"\u003eCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)\u003c/a\u003e.\u003cbr\u003e\u003cp\u003eThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record\u0027s first publishing, though the vendor has released a best practices guide for implementors of this chipset.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306 Missing Authentication for Critical Function\"}]}], \"providerMetadata\": {\"orgId\": \"26969f82-7e87-44d8-9cb5-f6fb926ddd43\", \"shortName\": \"AHA\", \"dateUpdated\": \"2025-06-08T21:02:37.521Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-3461\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-09T15:02:18.870403Z\"}}}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2025-06-09T15:02:21.516Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-3461\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-08T21:02:37.521Z\", \"dateReserved\": \"2025-04-08T23:41:09.376Z\", \"assignerOrgId\": \"26969f82-7e87-44d8-9cb5-f6fb926ddd43\", \"datePublished\": \"2025-06-08T21:02:37.521Z\", \"assignerShortName\": \"AHA\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.