98 matches found
CVE-2025-32458
The Quantenna Wi-Fi chipset ships with a local control script, routercommand.sh in the getsyslogfromqtn argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS...
CVE-2025-32456
The Quantenna Wi-Fi chipset ships with a local control script, routercommand.sh in the putfiletoqtn argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS...
CVE-2025-32459
The Quantenna Wi-Fi chipset ships with a local control script, routercommand.sh in the synctime argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS 7.7...
CVE-2025-32455
The Quantenna Wi-Fi chipset ships with a local control script, routercommand.sh in the runcmd argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS 7.7...
CVE-2025-32459 ON Semiconductor Quantenna router_command.sh (in the sync_time argument) Argument Injection
The Quantenna Wi-Fi chipset ships with a local control script, routercommand.sh in the synctime argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS 7.7...
CVE-2025-32459 ON Semiconductor Quantenna router_command.sh (in the sync_time argument) Argument Injection
The Quantenna Wi-Fi chipset ships with a local control script, routercommand.sh in the synctime argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS 7.7...
CVE-2025-32459
The CVE-2025-32459 entry concerns the Quantenna Wi‑Fi chipset where the local control script router_command.sh, used in the sync_time argument, is vulnerable to command injection (CWE-88). Affected product: Quantenna Wi‑Fi chipset up to SDK version 8.0.0.28. Root cause: improper neutralization of...
CVE-2025-32458 ON Semiconductor Quantenna router_command.sh (in the get_syslog_from_qtn argument) Argument Injection
The Quantenna Wi-Fi chipset ships with a local control script, routercommand.sh in the getsyslogfromqtn argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS...
CVE-2025-32458 ON Semiconductor Quantenna router_command.sh (in the get_syslog_from_qtn argument) Argument Injection
The Quantenna Wi-Fi chipset ships with a local control script, routercommand.sh in the getsyslogfromqtn argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS...
CVE-2025-32458
The CVE-2025-32458 entry affects Quantenna Wi‑Fi chipset firmware (through version 8.0.0.28 of the latest SDK). The local control script router_command.sh (in the get_syslog_from_qtn argument) is vulnerable to command injection (CWE-88). The issue is described as LOCAL, with LOW privileges, NONE ...
CVE-2025-32457
The CVE-2025-32457 entry concerns the Quantenna Wi‑Fi chipset and details a command injection in a local control script. Affected component: router_command.sh (in the get_file_from_qtn argument) and related script paths, with root cause identified as CWE-88 (Improper Neutralization of Argument De...
CVE-2025-32457 ON Semiconductor Quantenna router_command.sh (in the get_file_from_qtn argument) Argument Injection
The Quantenna Wi-Fi chipset ships with a local control script, routercommand.sh in the getfilefromqtn argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS...
CVE-2025-32457 ON Semiconductor Quantenna router_command.sh (in the get_file_from_qtn argument) Argument Injection
The Quantenna Wi-Fi chipset ships with a local control script, routercommand.sh in the getfilefromqtn argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS...
CVE-2025-32456
The CVE-2025-32456 entry is supported by connected documents describing a local command-injection vulnerability in Quantenna Wi‑Fi chipsets (through SDK version 8.0.0.28) via router_command.sh (in the put_file_to_qtn argument). This CWE-88 issue is also echoed by related CVEs (CVE-2025-3460 and C...
CVE-2025-32456 ON Semiconductor Quantenna router_command.sh (in the put_file_to_qtn argument) Argument Injection
The Quantenna Wi-Fi chipset ships with a local control script, routercommand.sh in the putfiletoqtn argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS...
CVE-2025-32456 ON Semiconductor Quantenna router_command.sh (in the put_file_to_qtn argument) Argument Injection
The Quantenna Wi-Fi chipset ships with a local control script, routercommand.sh in the putfiletoqtn argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS...
CVE-2025-32455 ON Semiconductor Quantenna router_command.sh (in the run_cmd argument) Argument Injection
The Quantenna Wi-Fi chipset ships with a local control script, routercommand.sh in the runcmd argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS 7.7...
CVE-2025-32455
The CVE-2025-32455 family concerns the Quantenna Wi‑Fi chipset. A local control script vulnerability exists in router_command.sh (run_cmd argument), enabling command injection (CWE-88) with CVSS 3.1: Local, Low/None privileges and High impact on confidentiality and integrity (A: High, I: High, C:...
CVE-2025-32455 ON Semiconductor Quantenna router_command.sh (in the run_cmd argument) Argument Injection
The Quantenna Wi-Fi chipset ships with a local control script, routercommand.sh in the runcmd argument, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command 'Argument Injection'," and is estimated as a CVSS 7.7...
CVE-2025-3461 ON Semiconductor Quantenna Telnet Missing Authentication
The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N. This issue affects Quantenna Wi-Fi chipset through versi...