CVE-2025-3460

moderate-risk
Published 2025-06-08

The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')," and is estimated as a CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.

Do I need to act?

EPSS score: 1.1% chance of exploitation in next 30 days (moderate exploit probability)
CISA KEV: Not on CISA KEV list. No confirmed active exploitation reported to CISA
Patch status: Unknown. Check vendor advisories for fix availability and mitigation guidance
CVSS: 7.7/10 High (LOCAL / LOW complexity)

Affected Products (18)

Qcs-Ax3-S5 Firmware
Qcs-Ax2-A12 Firmware
Qcs-Ax2-T12 Firmware
Qcs-Ax2-T8 Firmware
Qd840 Firmware
Qhs710 Firmware
Qsr10Ga Firmware
Qsr10Gu Firmware
Qv840 Firmware
Qv840C Firmware
Qv860 Firmware
Qv940 Firmware
Qv942C Firmware
Qv952C Firmware
Qcs-Ax2-S5 Firmware
Qcs-Ax3-A12 Firmware
Qcs-Ax3-T12 Firmware
Qcs-Ax3-T8 Firmware

Risk score: 46 / 100 (moderate-risk)
Severity 24/34 · High
Exploitability 3/34 · Minimal
Exposure 19/34 · Moderate