Описание (на английском; русское — в БДУ выше)
The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.
Затрагиваемое ПО
Onsemi Qhs710 firmwareOnsemi Qhs710Onsemi Qsr10ga firmwareOnsemi Qsr10gaOnsemi Qsr10gu firmwareOnsemi Qsr10guOnsemi Qv840 firmwareOnsemi Qv840Onsemi Qv840c firmwareOnsemi Qv840cOnsemi Qv860 firmwareOnsemi Qv860Onsemi Qv940 firmwareOnsemi Qv940Onsemi Qv942c firmwareOnsemi Qv942cOnsemi Qv952c firmwareOnsemi Qv952cOnsemi Qcs-ax2-s5 firmwareOnsemi Qcs-ax2-s5Onsemi Qcs-ax3-a12 firmwareOnsemi Qcs-ax3-a12Onsemi Qcs-ax3-t12 firmwareOnsemi Qcs-ax3-t12Onsemi Qcs-ax3-t8 firmware
CVSS
| Балл | 9.1 — критическая |
| Вектор | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Источники
https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practiceshttps://takeonme.org/cves/cve-2025-3461/