CVE-2025-3460

Name of the Vulnerable Software and Affected Versions Quantenna Wi-Fi chipset versions prior to 8.0.0.28

Description The Quantenna Wi-Fi chipset ships with a local control script, set tx pow, that is vulnerable to command injection. This issue is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command (Argument Injection)". The vendor has released a best practices guide for implementors of this chipset.

Recommendations For versions prior to 8.0.0.28, consider disabling the set tx pow script until a patch is available. Restrict access to the local control interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.