9.8
CVE-2025-3461
- EPSS 0.1%
- Veröffentlicht 08.06.2025 21:02:37
- Zuletzt bearbeitet 13.01.2026 20:01:27
- Quelle cve@takeonme.org
- CVE-Watchlists
- Unerledigt
LoginThe Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Onsemi ≫ Qhs710 Firmware Version-
Onsemi ≫ Qsr10ga Firmware Version-
Onsemi ≫ Qsr10gu Firmware Version-
Onsemi ≫ Qv840 Firmware Version-
Onsemi ≫ Qv840c Firmware Version-
Onsemi ≫ Qv860 Firmware Version-
Onsemi ≫ Qv940 Firmware Version-
Onsemi ≫ Qv942c Firmware Version-
Onsemi ≫ Qv952c Firmware Version-
Onsemi ≫ Qcs-ax2-s5 Firmware Version-
Onsemi ≫ Qcs-ax3-a12 Firmware Version-
Onsemi ≫ Qcs-ax3-t12 Firmware Version-
Onsemi ≫ Qcs-ax3-t8 Firmware Version-
Onsemi ≫ Qcs-ax3-s5 Firmware Version-
Onsemi ≫ Qcs-ax2-a12 Firmware Version-
Onsemi ≫ Qcs-ax2-t12 Firmware Version-
Onsemi ≫ Qcs-ax2-t8 Firmware Version-
Onsemi ≫ Qd840 Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.268 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| cve@takeonme.org | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.