The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@takeonme.org | 7.7 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 2.5 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| onsemi | qv860_firmware | - |
| onsemi | qcs-ax2-a12_firmware | - |
| onsemi | qhs710_firmware | - |
| onsemi | qsr10gu_firmware | - |
| onsemi | qcs-ax2-t8_firmware | - |
| onsemi | qcs-ax2-s5_firmware | - |
| onsemi | qsr10ga_firmware | - |
| onsemi | qv952c_firmware | - |
| onsemi | qv840c_firmware | - |
| onsemi | qv940_firmware | - |
| onsemi | qcs-ax3-a12_firmware | - |
| onsemi | qcs-ax3-t8_firmware | - |
| onsemi | qv942c_firmware | - |
| onsemi | qv840_firmware | - |
| onsemi | qd840_firmware | - |
| onsemi | qcs-ax2-t12_firmware | - |
| onsemi | qcs-ax3-s5_firmware | - |
| onsemi | qcs-ax3-t12_firmware | - |
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@takeonme.org | 7.7 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 2.5 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| onsemi | qv860_firmware | - |
| onsemi | qcs-ax2-a12_firmware | - |
| onsemi | qhs710_firmware | - |
| onsemi | qsr10gu_firmware | - |
| onsemi | qcs-ax2-t8_firmware | - |
| onsemi | qcs-ax2-s5_firmware | - |
| onsemi | qsr10ga_firmware | - |
| onsemi | qv952c_firmware | - |
| onsemi | qv840c_firmware | - |
| onsemi | qv940_firmware | - |
| onsemi | qcs-ax3-a12_firmware | - |
| onsemi | qcs-ax3-t8_firmware | - |
| onsemi | qv942c_firmware | - |
| onsemi | qv840_firmware | - |
| onsemi | qd840_firmware | - |
| onsemi | qcs-ax2-t12_firmware | - |
| onsemi | qcs-ax3-s5_firmware | - |
| onsemi | qcs-ax3-t12_firmware | - |
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@takeonme.org | 7.7 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 2.5 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| onsemi | qv860_firmware | - |
| onsemi | qcs-ax2-a12_firmware | - |
| onsemi | qhs710_firmware | - |
| onsemi | qsr10gu_firmware | - |
| onsemi | qcs-ax2-t8_firmware | - |
| onsemi | qcs-ax2-s5_firmware | - |
| onsemi | qsr10ga_firmware | - |
| onsemi | qv952c_firmware | - |
| onsemi | qv840c_firmware | - |
| onsemi | qv940_firmware | - |
| onsemi | qcs-ax3-a12_firmware | - |
| onsemi | qcs-ax3-t8_firmware | - |
| onsemi | qv942c_firmware | - |
| onsemi | qv840_firmware | - |
| onsemi | qd840_firmware | - |
| onsemi | qcs-ax2-t12_firmware | - |
| onsemi | qcs-ax3-s5_firmware | - |
| onsemi | qcs-ax3-t12_firmware | - |
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@takeonme.org | 7.7 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 2.5 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| onsemi | qv860_firmware | - |
| onsemi | qcs-ax2-a12_firmware | - |
| onsemi | qhs710_firmware | - |
| onsemi | qsr10gu_firmware | - |
| onsemi | qcs-ax2-t8_firmware | - |
| onsemi | qcs-ax2-s5_firmware | - |
| onsemi | qsr10ga_firmware | - |
| onsemi | qv952c_firmware | - |
| onsemi | qv840c_firmware | - |
| onsemi | qv940_firmware | - |
| onsemi | qcs-ax3-a12_firmware | - |
| onsemi | qcs-ax3-t8_firmware | - |
| onsemi | qv942c_firmware | - |
| onsemi | qv840_firmware | - |
| onsemi | qd840_firmware | - |
| onsemi | qcs-ax2-t12_firmware | - |
| onsemi | qcs-ax3-s5_firmware | - |
| onsemi | qcs-ax3-t12_firmware | - |
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@takeonme.org | 7.7 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 2.5 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| onsemi | qv860_firmware | - |
| onsemi | qcs-ax2-a12_firmware | - |
| onsemi | qhs710_firmware | - |
| onsemi | qsr10gu_firmware | - |
| onsemi | qcs-ax2-t8_firmware | - |
| onsemi | qcs-ax2-s5_firmware | - |
| onsemi | qsr10ga_firmware | - |
| onsemi | qv952c_firmware | - |
| onsemi | qv840c_firmware | - |
| onsemi | qv940_firmware | - |
| onsemi | qcs-ax3-a12_firmware | - |
| onsemi | qcs-ax3-t8_firmware | - |
| onsemi | qv942c_firmware | - |
| onsemi | qv840_firmware | - |
| onsemi | qd840_firmware | - |
| onsemi | qcs-ax2-t12_firmware | - |
| onsemi | qcs-ax3-s5_firmware | - |
| onsemi | qcs-ax3-t12_firmware | - |
The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@takeonme.org | 7.7 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 2.5 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| onsemi | qv860_firmware | - |
| onsemi | qcs-ax2-a12_firmware | - |
| onsemi | qhs710_firmware | - |
| onsemi | qsr10gu_firmware | - |
| onsemi | qcs-ax2-t8_firmware | - |
| onsemi | qcs-ax2-s5_firmware | - |
| onsemi | qsr10ga_firmware | - |
| onsemi | qv952c_firmware | - |
| onsemi | qv840c_firmware | - |
| onsemi | qv940_firmware | - |
| onsemi | qcs-ax3-a12_firmware | - |
| onsemi | qcs-ax3-t8_firmware | - |
| onsemi | qv942c_firmware | - |
| onsemi | qv840_firmware | - |
| onsemi | qd840_firmware | - |
| onsemi | qcs-ax2-t12_firmware | - |
| onsemi | qcs-ax3-s5_firmware | - |
| onsemi | qcs-ax3-t12_firmware | - |
The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@takeonme.org | 7.7 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 2.5 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| onsemi | qv860_firmware | - |
| onsemi | qcs-ax2-a12_firmware | - |
| onsemi | qhs710_firmware | - |
| onsemi | qsr10gu_firmware | - |
| onsemi | qcs-ax2-t8_firmware | - |
| onsemi | qcs-ax2-s5_firmware | - |
| onsemi | qsr10ga_firmware | - |
| onsemi | qv952c_firmware | - |
| onsemi | qv840c_firmware | - |
| onsemi | qv940_firmware | - |
| onsemi | qcs-ax3-a12_firmware | - |
| onsemi | qcs-ax3-t8_firmware | - |
| onsemi | qv942c_firmware | - |
| onsemi | qv840_firmware | - |
| onsemi | qd840_firmware | - |
| onsemi | qcs-ax2-t12_firmware | - |
| onsemi | qcs-ax3-s5_firmware | - |
| onsemi | qcs-ax3-t12_firmware | - |
The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@takeonme.org | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| onsemi | qv860_firmware | - |
| onsemi | qcs-ax2-a12_firmware | - |
| onsemi | qhs710_firmware | - |
| onsemi | qsr10gu_firmware | - |
| onsemi | qcs-ax2-t8_firmware | - |
| onsemi | qcs-ax2-s5_firmware | - |
| onsemi | qsr10ga_firmware | - |
| onsemi | qv952c_firmware | - |
| onsemi | qv840c_firmware | - |
| onsemi | qv940_firmware | - |
| onsemi | qcs-ax3-a12_firmware | - |
| onsemi | qcs-ax3-t8_firmware | - |
| onsemi | qv942c_firmware | - |
| onsemi | qv840_firmware | - |
| onsemi | qd840_firmware | - |
| onsemi | qcs-ax2-t12_firmware | - |
| onsemi | qcs-ax3-s5_firmware | - |
| onsemi | qcs-ax3-t12_firmware | - |