The vulnerability of the runcmd() function in the router_command.sh script of Quantenna’s Wi-Fi chip microprogramming system allows a hacker to execute arbitrary commands.

The vulnerability of the runcmd function in the routercommand.sh script of Quantenna’s Wi-Fi chip microprogramming system is related to the implementation or modification of arguments. Exploiting this vulnerability could allow a perpetrator to execute arbitrary commands...

CVE-2025-32455 ON Semiconductor Quantenna router_command.sh (in the run_cmd argument) Argument Injection

The Quantenna Wi-Fi chipset ships with a local control script, routercommand.sh in the runcmd argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS 7.7...