The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
References
| Link | Resource |
|---|---|
| https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices | Release Notes |
| https://takeonme.org/cves/cve-2025-3460 | Not Applicable |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
History
13 Jan 2026, 20:12
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices - Release Notes | |
| References | () https://takeonme.org/cves/cve-2025-3460 - Not Applicable | |
| CPE | cpe:2.3:h:onsemi:qv860:-:*:*:*:*:*:*:* cpe:2.3:o:onsemi:qcs-ax3-t12_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:onsemi:qcs-ax3-s5_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:onsemi:qcs-ax2-t12_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:onsemi:qv860_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:onsemi:qsr10ga_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:onsemi:qv940:-:*:*:*:*:*:*:* cpe:2.3:o:onsemi:qd840_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:onsemi:qcs-ax3-a12:-:*:*:*:*:*:*:* cpe:2.3:h:onsemi:qcs-ax2-t12:-:*:*:*:*:*:*:* cpe:2.3:o:onsemi:qhs710_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:onsemi:qv840_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:onsemi:qv840c:-:*:*:*:*:*:*:* cpe:2.3:o:onsemi:qv940_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:onsemi:qv840c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:onsemi:qd840:-:*:*:*:*:*:*:* cpe:2.3:o:onsemi:qcs-ax3-t8_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:onsemi:qsr10gu_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:onsemi:qcs-ax3-s5:-:*:*:*:*:*:*:* cpe:2.3:o:onsemi:qcs-ax2-a12_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:onsemi:qcs-ax3-t8:-:*:*:*:*:*:*:* cpe:2.3:o:onsemi:qv952c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:onsemi:qcs-ax3-t12:-:*:*:*:*:*:*:* cpe:2.3:h:onsemi:qv840:-:*:*:*:*:*:*:* cpe:2.3:o:onsemi:qv942c_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:onsemi:qcs-ax2-t8_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:onsemi:qsr10ga:-:*:*:*:*:*:*:* cpe:2.3:h:onsemi:qsr10gu:-:*:*:*:*:*:*:* cpe:2.3:h:onsemi:qcs-ax2-t8:-:*:*:*:*:*:*:* cpe:2.3:h:onsemi:qcs-ax2-s5:-:*:*:*:*:*:*:* cpe:2.3:h:onsemi:qhs710:-:*:*:*:*:*:*:* cpe:2.3:h:onsemi:qv942c:-:*:*:*:*:*:*:* cpe:2.3:o:onsemi:qcs-ax2-s5_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:onsemi:qcs-ax3-a12_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:onsemi:qv952c:-:*:*:*:*:*:*:* cpe:2.3:h:onsemi:qcs-ax2-a12:-:*:*:*:*:*:*:* |
|
| First Time |
Onsemi qv860
Onsemi qcs-ax3-t12 Onsemi qcs-ax2-t8 Onsemi qcs-ax3-a12 Firmware Onsemi qcs-ax2-t8 Firmware Onsemi qsr10ga Onsemi qv840 Firmware Onsemi qv840 Onsemi qcs-ax3-s5 Onsemi qcs-ax3-s5 Firmware Onsemi qhs710 Firmware Onsemi qsr10ga Firmware Onsemi qcs-ax2-a12 Onsemi qcs-ax2-t12 Firmware Onsemi qd840 Onsemi qcs-ax2-s5 Firmware Onsemi qcs-ax3-t8 Onsemi qv952c Onsemi qv840c Firmware Onsemi qsr10gu Onsemi qv942c Firmware Onsemi qcs-ax3-a12 Onsemi qcs-ax3-t8 Firmware Onsemi qv840c Onsemi qcs-ax2-a12 Firmware Onsemi qv952c Firmware Onsemi qcs-ax2-s5 Onsemi qv940 Onsemi qd840 Firmware Onsemi qv940 Firmware Onsemi qcs-ax2-t12 Onsemi Onsemi qv860 Firmware Onsemi qcs-ax3-t12 Firmware Onsemi qhs710 Onsemi qv942c Onsemi qsr10gu Firmware |
09 Jun 2025, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
|
| Summary | (en) The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset. |
08 Jun 2025, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-06-08 21:15
Updated : 2026-01-13 20:12
NVD link : CVE-2025-32455
Mitre link : CVE-2025-32455
CVE.ORG link : CVE-2025-32455
JSON object : View
Products Affected
onsemi
- qcs-ax2-t8_firmware
- qcs-ax2-t12
- qd840_firmware
- qv952c
- qcs-ax3-s5
- qcs-ax2-s5_firmware
- qv860
- qcs-ax3-t12
- qv840c
- qhs710_firmware
- qv942c_firmware
- qhs710
- qd840
- qcs-ax3-a12
- qcs-ax3-t8_firmware
- qcs-ax2-t12_firmware
- qv840
- qv840c_firmware
- qcs-ax2-a12
- qsr10gu_firmware
- qcs-ax3-t12_firmware
- qcs-ax2-t8
- qsr10ga_firmware
- qcs-ax2-s5
- qcs-ax3-s5_firmware
- qcs-ax2-a12_firmware
- qv940_firmware
- qv860_firmware
- qcs-ax3-t8
- qsr10ga
- qv942c
- qv952c_firmware
- qcs-ax3-a12_firmware
- qv840_firmware
- qv940
- qsr10gu
CWE
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')