CVE-2025-32457

Name of the Vulnerable Software and Affected Versions Quantenna Wi-Fi chipset versions through 8.0.0.28

Description The Quantenna Wi-Fi chipset has a local control script, router command.sh, that is vulnerable to command injection, specifically in the get file from qtn argument. This issue is an instance of improper neutralization of argument delimiters in a command. The vendor has released a best practices guide for implementors of this chipset.

Recommendations For versions through 8.0.0.28, consider disabling the router command.sh script or restricting its use until a patch is available. Implement the best practices guide provided by the vendor to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.