CVE-2025-3461

high-risk
Published 2025-06-08

The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a CVSS 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.

Do I need to act?

0.31% chance of exploitation: EPSS score, low exploit probability
Not on CISA KEV list: No confirmed active exploitation reported to CISA
Patch status unknown: Check vendor advisories for fix availability and mitigation guidance
CVSS 9.1/10 Critical: NETWORK / LOW complexity

Affected Products (18)

Qhs710 Firmware
Qsr10Ga Firmware
Qsr10Gu Firmware
Qv840 Firmware
Qv840C Firmware
Qv860 Firmware
Qv940 Firmware
Qv942C Firmware
Qv952C Firmware
Qcs-Ax2-S5 Firmware
Qcs-Ax3-A12 Firmware
Qcs-Ax3-T12 Firmware
Qcs-Ax3-T8 Firmware
Qcs-Ax3-S5 Firmware
Qcs-Ax2-A12 Firmware
Qcs-Ax2-T12 Firmware
Qcs-Ax2-T8 Firmware
Qd840 Firmware

Affected Vendors

51 / 100 (high-risk)
Severity 31/34 · Critical
Exploitability 1/34 · Minimal
Exposure 19/34 · Moderate