CVE-2025-3460

{"id": "CVE-2025-3460", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@takeonme.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-06-08T21:15:32.900", "references": [{"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices", "tags": ["Release Notes"], "source": "cve@takeonme.org"}, {"url": "https://takeonme.org/cves/cve-2025-3460", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@takeonme.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve@takeonme.org", "description": [{"lang": "en", "value": "CWE-88"}]}], "descriptions": [{"lang": "en", "value": "The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),\" and is estimated as a CVSS 7.7\u00a0(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset."}, {"lang": "es", "value": "El Chipset Wi-Fi Quantenna se entrega con un script de control local, set_tx_pow, vulnerable a la inyecci\u00f3n de comandos. Se trata de una instancia de CWE-88, \"Neutralizaci\u00f3n incorrecta de delimitadores de argumentos en un comando ('Inyecci\u00f3n de argumentos')\", y se estima como CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Este problema afecta al chipset Quantenna Wi-Fi hasta la versi\u00f3n 8.0.0.28 del \u00faltimo SDK, y parece no tener parche en el momento de la primera publicaci\u00f3n de este registro CVE, aunque el proveedor ha publicado una gu\u00eda de mejores pr\u00e1cticas para los implementadores de este chipset."}], "lastModified": "2026-01-21T16:02:39.167", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:onsemi:qcs-ax3-s5_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C5D4D8E-A41C-4D0C-9578-E69DC5DDB3D9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:onsemi:qcs-ax3-s5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB0AC0AF-7C11-4905-B211-111212998385"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:onsemi:qcs-ax2-a12_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D414E9E4-6F93-4EA8-84DC-905922FDBD06"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:onsemi:qcs-ax2-a12:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "79562B8A-BB90-4177-BAB3-1416068267EF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:onsemi:qcs-ax2-t12_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE696B7A-5577-4FCB-A03F-E0DC559D59DE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:onsemi:qcs-ax2-t12:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "53245E1E-E042-4E5E-AC29-ADD8E2A50B10"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:onsemi:qcs-ax2-t8_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFEE75DF-ED15-4668-A3A8-045F1FC49146"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:onsemi:qcs-ax2-t8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9F1B80A5-C5E1-4E27-A29F-AAE8E0CCB5D5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:onsemi:qd840_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "201FE93B-24B3-4A7C-B70D-DC5BEDAA3ABE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:onsemi:qd840:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0AED31B5-45B4-4B29-AFF6-30EA105E614C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:onsemi:qhs710_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC1EF23D-0818-45EC-994D-724386942A71"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:onsemi:qhs710:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B69BD90A-2A66-4BFB-A0C4-D3ADB8411041"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:onsemi:qsr10ga_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F592DA6-9495-4E3C-A79B-A28DD6874520"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:onsemi:qsr10ga:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "99041EF1-ED9D-4353-8E01-0B8CB22DA2C3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:onsemi:qsr10gu_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9AD4080-696E-4C46-B783-9004FA2C45AF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:onsemi:qsr10gu:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C87E0F74-9B42-443F-8C3B-8FC9D4BFD510"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:onsemi:qv840_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD2BE706-C865-49B1-8362-582F5EBD1ABC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:onsemi:qv840:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB3E4D33-5A1B-4433-91BB-250B3F450E91"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:onsemi:qv840c_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DDEF7C9-D357-49F9-9EAF-09A1EA553308"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:onsemi:qv840c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6C408E3F-1E76-4C8B-B7B1-66AE354E8F50"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:onsemi:qv860_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72DECB62-7BBE-4D28-BEDA-49B7B1B0EEEF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:onsemi:qv860:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "188A2714-610D-478D-AC78-6B1ECB630262"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:onsemi:qv940_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B67844F-5D25-480E-A4E7-D1B479B29F18"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:onsemi:qv940:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5E753ABE-FB01-44AB-A3B4-11CE6324F695"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:onsemi:qv942c_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EBE3DDB-C027-4E42-931F-37049B9342FC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:onsemi:qv942c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "844142EA-A9D6-43D0-AAAB-60F278B548E8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:onsemi:qv952c_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6DE9F57-D6A3-4754-B8B5-1778AE4744E7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:onsemi:qv952c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3AD87FBC-0311-41E1-84FA-943B61DA24CA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:onsemi:qcs-ax2-s5_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94644163-15D7-4008-926F-60D2FC9E5C26"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:onsemi:qcs-ax2-s5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE3A35F1-8882-4712-9373-0D557F782C21"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:onsemi:qcs-ax3-a12_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB9BA025-1514-444D-A0EC-5E672C5D0D93"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:onsemi:qcs-ax3-a12:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "602A5E47-972E-4F89-893B-57526C047F4D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:onsemi:qcs-ax3-t12_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95A768A1-E025-4D32-81C6-55AE8F099B4C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:onsemi:qcs-ax3-t12:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "290A68E7-3CFC-4517-8FB7-5F372A2B569A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:onsemi:qcs-ax3-t8_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5849D0A2-BE17-46EC-979C-A36B88C1DDC3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:onsemi:qcs-ax3-t8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4221C204-94FD-4951-87FB-F5EAD0E1D315"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@takeonme.org"}