98 matches found
PT-2025-24369 · Quantenna · Quantenna Wi-Fi Chipset
Name of the Vulnerable Software and Affected Versions: Quantenna Wi-Fi chipset versions prior to 8.0.0.28 Description: The Quantenna Wi-Fi chipset contains a local control script, router command.sh, that is vulnerable to command injection. This issue is an instance of improper neutralization of...
PT-2025-24372
Name of the Vulnerable Software and Affected Versions Quantenna Wi-Fi chipset versions prior to 8.0.0.28 Description The Quantenna Wi-Fi chipset has a local control script, router command.sh, that is vulnerable to command injection, specifically in the sync time argument. This issue is an instanc...
PT-2025-24374
Name of the Vulnerable Software and Affected Versions Quantenna Wi-Fi chipset versions prior to 8.0.0.28 Description The Quantenna Wi-Fi chipset ships with a local control script, set tx pow, that is vulnerable to command injection. This issue is an instance of CWE-88, "Improper Neutralization of...
PT-2025-24370 · Quantenna · Quantenna Wi-Fi Chipset
Name of the Vulnerable Software and Affected Versions: Quantenna Wi-Fi chipset versions through 8.0.0.28 Description: The Quantenna Wi-Fi chipset has a local control script, router command.sh, that is vulnerable to command injection, specifically in the get file from qtn argument. This issue is a...
PT-2025-24373
Name of the Vulnerable Software and Affected Versions Quantenna Wi-Fi chipset versions prior to 8.0.0.28 Description The Quantenna Wi-Fi chipset ships with a local control script, transmit file, that is vulnerable to command injection. This issue is an instance of CWE-88, "Improper Neutralization...
PT-2025-24371
Name of the Vulnerable Software and Affected Versions Quantenna Wi-Fi chipset versions through 8.0.0.28 Description The Quantenna Wi-Fi chipset has a local control script, router command.sh, that is vulnerable to command injection, specifically in the get syslog from qtn argument. This issue is...
CVE-2018-15556
The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers...
CVE-2018-15556
The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers...
CVE-2018-15557
An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain root access by connecting to 169.254.1.2 port 23 with telnet/netcat...
CVE-2018-15557
An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain root access by connecting to 169.254.1.2 port 23 with telnet/netcat...
Default credentials
The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers...
Code injection
An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain root access by connecting to 169.254.1.2 port 23 with telnet/netcat...
CVE-2018-15556
CVE-2018-15556 affects the Quantenna WiFi Controller in Telus Actiontec WEB6000Q (firmware v1.1.02.22). An attacker can log in as root with an empty password via the onboard UART headers, enabling full shell access. Public PoC material exists (PacketStorm/full disclosure) describing UART-based pr...
CVE-2018-15556
The Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 allows login with root level access with the user "root" and an empty password by using the enabled onboard UART headers...
CVE-2018-15557
CVE-2018-15557 affects the Quantenna WiFi Controller in Telus Actiontec WEB6000Q devices (firmware v1.1.02.22). The issue allows an attacker with access to the 169.254.1.0/24 link-local subnet to obtain root by connecting to 169.254.1.2 on TCP port 23 (telnet/netcat). Documents corroborate a priv...
CVE-2018-15557
An issue was discovered in the Quantenna WiFi Controller on Telus Actiontec WEB6000Q v1.1.02.22 devices. An attacker can statically set his/her IP to anything on the 169.254.1.0/24 subnet, and obtain root access by connecting to 169.254.1.2 port 23 with telnet/netcat...
Telus Actiontec WEB6000Q elevation of privilege vulnerability (CNVD-2019-39179)
The Actiontec WEB6000Q is a wireless extender from Actiontec USA. A security vulnerability exists in the Quantenna WiFi Controller in the Actiontec WEB6000Q version 1.1.02.22. The vulnerability can be exploited to gain root access by connecting to port 23 of host 169.254.1.2 using telnet/netcat...
Telus Actiontec WEB6000Q Elevation of Privilege Vulnerability
The Actiontec WEB6000Q is a wireless extender from Actiontec USA. A security vulnerability exists in the Quantenna WiFi Controller in the Telus Actiontec WEB6000Q version 1.1.02.22. An attacker can exploit the vulnerability to log in with root access...