CVE-2025-32456

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Quantenna Wi-Fi chipset versions prior to 8.0.0.28

Description The Quantenna Wi-Fi chipset contains a local control script, router command.sh, that is vulnerable to command injection. This issue is an instance of improper neutralization of argument delimiters in a command. The vendor has released a best practices guide for implementors of this chipset.

Recommendations For versions prior to 8.0.0.28, consider disabling the router command.sh script until a patch is available. Restrict access to the put file to qtn argument to minimize the risk of exploitation. Follow the vendor's best practices guide for implementors of this chipset to reduce the risk of command injection attacks.

Fix

Argument Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-88

Related Identifiers

BDU:2025-06629

CVE-2025-32456

Affected Products

Quantenna Wi-Fi Chipset

CVE-2025-32456

Weakness Enumeration

Related Identifiers

Affected Products

References · 12