CVE-2025-32458

Name of the Vulnerable Software and Affected Versions Quantenna Wi-Fi chipset versions through 8.0.0.28

Description The Quantenna Wi-Fi chipset has a local control script, router command.sh, that is vulnerable to command injection, specifically in the get syslog from qtn argument. This issue is related to improper neutralization of argument delimiters in a command. The vendor has released a best practices guide for implementors of this chipset.

Recommendations For versions through 8.0.0.28, consider disabling the router command.sh script or restricting its use until a patch is available. Implement the best practices guide provided by the vendor to minimize the risk of exploitation.