CVE-2025-3459 – Quantenna Wi-Fi Command Injection Vulnerability

June 8, 2025

CVE ID : CVE-2025-3459

Published : June 8, 2025, 9:15 p.m. | 38 minutes ago

Description : The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, “Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’),” and is estimated as a CVSS 7.7 ( CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) .
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record’s first publishing, though the vendor has released a best practices guide for implementors of this chipset.

Severity: 7.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3461 – Quantenna Wi-Fi Missing Authentication for Critical Function

Next Article CVE-2025-35010 – Microhard BulletLTE-NA2 and IPn4Gii-NA2 Command Injection Vulnerability

Highlights

CVE-2025-47284 – Gardener Gardenlet Privilege Escalation Vulnerability

May 19, 2025

CVE ID : CVE-2025-47284

Published : May 19, 2025, 7:15 p.m. | 22 minutes ago

Description : Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the `gardenlet` component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations where gardener/gardener-extension-provider-gcp is in use. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue.

Severity: 9.9 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

AI is currently in its teenage years, battling raging hormones

Apple doesn’t need better AI as much as AI needs Apple to bring its A-game

DistroWatch Weekly, Issue 1125

Motion Highlights #9

The 2025 Wholesome Direct was chock-full of cozy casual games and aesthetic vibes

Online Scrap Portal Using PHP and MySQL

Online Scrap Portal Using PHP and MySQL

Master Image Processing in Node.js Using Sharp for Fast Web Apps

mkocansey/bladewind

Microsoft built a bloat-free, optimized Windows 11 UI for handheld gaming

Microsoft built a bloat-free, optimized Windows 11 UI for handheld gaming

DistroWatch Weekly, Issue 1125

Gradia is a Slick New Screenshot Annotation Tool for Linux

CVE-2025-3459 – Quantenna Wi-Fi Command Injection Vulnerability

US infrastructure could crumble under cyberattack, ex-NSA advisor warns

CVE-2025-4318 (CVSS 9.5): AWS Amplify RCE Flaw Exposed with PoC – CI/CD Pipelines at Risk

Google Pixel 9a vs. iPhone 16e: My camera comparison has a clear winner

CVE-2025-5362 – Campcodes Online Hospital Management System SQL Injection Vulnerability

CVE-2025-47691 – Ultimate Member Code Injection

This AR headset is changing how surgeons see inside their patients

CVE-2025-47284 – Gardener Gardenlet Privilege Escalation Vulnerability

Windows 10 KB5058379 locks PCs, BitLocker Recovery triggered on boot, BSODs

Lenovo ThinkSystem Edge SE Series Cost in India | Affordable Edge Servers

Bethesda Softworks QA union authorizes strike as negotiations with Microsoft continue

CVE-2025-3459 – Quantenna Wi-Fi Command Injection Vulnerability

Related Posts