CVE-2025-32457 – Quantenna Wi-Fi Chipset Command Injection Vulnerability

June 8, 2025

CVE ID : CVE-2025-32457

Published : June 8, 2025, 9:15 p.m. | 38 minutes ago

Description : The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) .
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset.

Severity: 7.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3460 – Quantenna Wi-Fi Command Injection Vulnerability

Next Article CVE-2025-32456 – Quantenna Wi-Fi Command Injection Vulnerability

Highlights

CVE-2025-2811 – “GL.iNet Router Regular Expression Complexity Inefficient Vulnerability”

April 26, 2025

CVE ID : CVE-2025-2811

Published : April 26, 2025, 7:15 a.m. | 4 hours, 49 minutes ago

Description : A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been declared as problematic. This vulnerability affects unknown code of the component API. The manipulation leads to inefficient regular expression complexity. It is recommended to upgrade the affected component.

Severity: 5.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

AI is currently in its teenage years, battling raging hormones

Apple doesn’t need better AI as much as AI needs Apple to bring its A-game

DistroWatch Weekly, Issue 1125

Motion Highlights #9

The 2025 Wholesome Direct was chock-full of cozy casual games and aesthetic vibes

Online Scrap Portal Using PHP and MySQL

Online Scrap Portal Using PHP and MySQL

Master Image Processing in Node.js Using Sharp for Fast Web Apps

mkocansey/bladewind

Microsoft built a bloat-free, optimized Windows 11 UI for handheld gaming

Microsoft built a bloat-free, optimized Windows 11 UI for handheld gaming

DistroWatch Weekly, Issue 1125

Gradia is a Slick New Screenshot Annotation Tool for Linux

CVE-2025-32457 – Quantenna Wi-Fi Chipset Command Injection Vulnerability

US infrastructure could crumble under cyberattack, ex-NSA advisor warns

CVE-2025-4318 (CVSS 9.5): AWS Amplify RCE Flaw Exposed with PoC – CI/CD Pipelines at Risk

My new favorite iPhone portable charger has a magnetic superpower – and it’s cheap

CVE-2025-5670 – PHPGurukul Medical Card Generation System SQL Injection

Do I need to worry about state-sponsored threats like Regin?

Microsoft pauses $1 billion data center project — have tech giants overestimated demand for AI?

CVE-2025-2811 – “GL.iNet Router Regular Expression Complexity Inefficient Vulnerability”

CVE-2025-3577 – Zyxel AMG1302-T10B Path Traversal Vulnerability

RSAC 2025 wrap-up – Week in security with Tony Anscombe

CVE-2025-49439 – Mariusz88AtelierWeb Atelier Create CV CSRF Vulnerability

CVE-2025-32457 – Quantenna Wi-Fi Chipset Command Injection Vulnerability

Related Posts