• Menu ▾
• • Home
  • About
  • Rules
  • Chat
  • CVE
  • Mailing List
  • Meetings
  • Our Spawn
  • Contact

CVE-2025-32458

2025-06-08 3:58:25 PM CDT

CVE-2025-32458: ON Semiconductor Quantenna router_command.sh get_syslog_from_qtn Argument Injection

AHA! has discovered an issue with Quantenna Wi-Fi chips from ON Semiconductor, and is issuing this disclosure in accordance with AHA!’s standard disclosure policy on June 8, 2025. CVE-2025-32458 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

Quantenna Wi-Fi chips ship with a local control script that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7.

Read more

CVE-2025-32459

2025-06-08 3:58:25 PM CDT

CVE-2025-32459: ON Semiconductor Quantenna router_command.sh sync_time Argument Injection

AHA! has discovered an issue with Quantenna Wi-Fi chips from ON Semiconductor, and is issuing this disclosure in accordance with AHA!’s standard disclosure policy on June 8, 2025. CVE-2025-32459 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

Quantenna Wi-Fi chips ship with a local control script that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7.

Read more

CVE-2025-3459

2025-06-08 3:58:25 PM CDT

CVE-2025-3459: ON Semiconductor Quantenna transmit_file Argument Injection

AHA! has discovered an issue with Quantenna Wi-Fi chips from ON Semiconductor, and is issuing this disclosure in accordance with AHA!’s standard disclosure policy on June 8, 2025. CVE-2025-3459 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

Quantenna Wi-Fi chips ship with a local control script that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7.

Read more

CVE-2025-3460

2025-06-08 3:58:25 PM CDT

CVE-2025-3460: ON Semiconductor Quantenna set_tx_pow Argument Injection

AHA! has discovered an issue with Quantenna Wi-Fi chips from ON Semiconductor, and is issuing this disclosure in accordance with AHA!’s standard disclosure policy on June 8, 2025. CVE-2025-3460 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

Quantenna Wi-Fi chips ship with a local control script that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7.

Read more

CVE-2025-3461

2025-06-08 3:58:25 PM CDT

CVE-2025-3461: ON Semiconductor Quantenna Telnet Missing Authentication

AHA! has discovered an issue with Quantenna Wi-Fi chips from ON Semiconductor, and is issuing this disclosure in accordance with AHA!’s standard disclosure policy on June 8, 2025. CVE-2025-3461 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, “Missing Authentication for Critical Function,” and is estimated as a CVSS 9.1.

Read more

← Newer posts Older posts →