7.7
CVE-2025-32456 - ON Semiconductor Quantenna router_command.sh (in the put_file_to_qtn argument) Argument Injection
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSβ¦
7.7
CVE-2025-32455 - ON Semiconductor Quantenna router_command.sh (in the run_cmd argument) Argument Injection
The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (Cβ¦
9.1
CVE-2025-3461 - ON Semiconductor Quantenna Telnet Missing Authentication
The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through versiβ¦
7.7
CVE-2025-3460 - ON Semiconductor Quantenna set_tx_pow Argument Injection
The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7Β (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/Cβ¦
7.7
CVE-2025-3459 - ON Semiconductor Quantenna transmit_file Argument Injection
The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:β¦
8.7
CVE-2025-5847 - Tenda AC9 HTTP POST Request SetRemoteWebCfg formSetSafeWanWebMan stack-based overflow
A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffβ¦
5.5
CVE-2025-27247 - Pasteboard has an improper preservation of permissions vulnerability
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
3.3
CVE-2025-27242 - Ssecurity_component_manager has an improper input vulnerability
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.
3.3
CVE-2025-27563 - security_access_token has an improper preservation of permissions vulnerability
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
3.3
CVE-2025-26693 - security_access_token has an improper preservation of permissions vulnerability
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.