CVE-2025-32455

Name of the Vulnerable Software and Affected Versions Quantenna Wi-Fi chipset versions prior to 8.0.0.29

Description The Quantenna Wi-Fi chipset contains a local control script, router command.sh, that is vulnerable to command injection, specifically an instance of improper neutralization of argument delimiters in a command. This issue is estimated to have a significant impact. The vendor has released a best practices guide for implementors of this chipset.

Recommendations For versions prior to 8.0.0.29, consider disabling the router command.sh script until a patch is available. Restrict access to the run cmd argument to minimize the risk of exploitation. Implement the best practices guide provided by the vendor to reduce the risk of command injection attacks.