CVE-2026-30603

Root Access via Crafted Firmware Update Script on Qianniao QN-L23PA0904

Description

An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers to gain root access, install backdoors, and exfiltrate data via supplying a crafted iu.sh script contained in an SD card.

INFO

Published Date :

2026-04-02T00:00:00.000Z

Last Modified :

2026-04-02T17:57:43.296Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2026-30603 vulnerability.

Vendors	Products
Qianniao	Qn-l23pa0904

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-30603.

URL	Resource
http://qianniao.com
http://qn-l23pa0904.com
https://github.com/0xghostrush/Research/blob/main/CVE-2026-30603/CVE-2026-30603.md

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact