CVE-2025-32459

Name of the Vulnerable Software and Affected Versions Quantenna Wi-Fi chipset versions prior to 8.0.0.28

Description The Quantenna Wi-Fi chipset has a local control script, router command.sh, that is vulnerable to command injection, specifically in the sync time argument. This issue is an instance of improper neutralization of argument delimiters in a command. The vendor has released a best practices guide for implementors of this chipset.

Recommendations For versions prior to 8.0.0.28, as a temporary workaround, consider disabling the router command.sh script or restricting access to the sync time argument until a patch is available. Implement the best practices guide provided by the vendor to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.