CVE ID : CVE-2025-32457

Published : June 8, 2025, 9:15 p.m. | 38 minutes ago

Description : The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) .
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset.

Severity: 7.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3460

Published : June 8, 2025, 9:15 p.m. | 38 minutes ago

Description : The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) .
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset.

Severity: 7.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-35006

Published : June 8, 2025, 9:15 p.m. | 38 minutes ago

Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFPORTFWD command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-35007

Published : June 8, 2025, 9:15 p.m. | 38 minutes ago

Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFRULE command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-35008

Published : June 8, 2025, 9:15 p.m. | 38 minutes ago

Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MMNAME command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-35009

Published : June 8, 2025, 9:15 p.m. | 38 minutes ago

Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNNETSP command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-35010

Published : June 8, 2025, 9:15 p.m. | 38 minutes ago

Description : Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNPINGTM command that can lead to privilege escalation. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.1 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). This issue has not been generally fixed at the time of this CVE record’s first publishing.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3459

Published : June 8, 2025, 9:15 p.m. | 38 minutes ago

Description : The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) .
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset.

Severity: 7.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3461

Published : June 8, 2025, 9:15 p.m. | 38 minutes ago

Description : The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, “Missing Authentication for Critical Function,” and is estimated as a CVSS 9.1 ( CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) .
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

phởdav (phodav) is a minimal WebDAV server implementation using GNOME libsoup (RFC 4918). The post phởdav is a minimal WebDAV…

Get the latest dose of motion and animation inspiration in this roundup. Source: Read More 

The pfSense project is a powerful open source firewall and routing platform based on FreeBSD. pfSense software includes a web…

Linux Mint 22.2 adds fingerprint login and authentication support through a new desktop app called Fingwit, which boasts ‘smarter’ PAM…

As awesome as Summer Games Fest’s trailers are, sometimes you just want to slow down and experience a cozier side…

The next wave of mainstream PC gaming handhelds will largely feature AMD Z2 Series processors. Here’s how they compare against…

Owlcat Games considers The Expanse: Osiris Reborn to be its flagship title, even as the team continues work on the…

Microsoft seems to have broken something, because reams of dead games are showing up on Xbox PC libraries everywhere. Source:…

Explore a haunting new region in Atomfall’s Wicked Isle DLC with new quests, weapons, and enemies. Source: Read More / Windows…

The Lenovo ThinkPad X1 2-in-1 (Gen 10) Aura Edition is a slim, sturdy, and secure convertible Windows laptop that offers…

The small but mighty Minix Z97 weighs half a pound and has commendable power for daily tasks while driving up…