{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3460", "assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "state": "PUBLISHED", "assignerShortName": "AHA", "dateReserved": "2025-04-08T23:41:08.314Z", "datePublished": "2025-06-08T21:02:24.334Z", "dateUpdated": "2025-06-09T18:33:57.925Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Quantenna Wi-Fi chipset", "vendor": "ON Semiconductor", "versions": [{"lessThanOrEqual": "8.0.0.28", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Ricky \"HeadlessZeke\" Lawshae of Keysight"}, {"lang": "en", "type": "coordinator", "value": "todb"}], "datePublic": "2025-06-08T21:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),\" and is estimated as a CVSS 7.7&nbsp;(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).<br><p>This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.</p>"}], "value": "The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),\" and is estimated as a CVSS 7.7\u00a0(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-88", "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "shortName": "AHA", "dateUpdated": "2025-06-09T18:33:57.925Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://takeonme.org/cves/cve-2025-3460"}, {"tags": ["vendor-advisory"], "url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"}], "source": {"discovery": "EXTERNAL"}, "title": "ON Semiconductor Quantenna set_tx_pow Argument Injection", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-09T15:02:58.903057Z", "id": "CVE-2025-3460", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-09T15:03:04.372Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3460", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-09T15:02:58.903057Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-09T15:03:00.605Z"}}], "cna": {"title": "ON Semiconductor Quantenna set_tx_pow Argument Injection", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Ricky \"HeadlessZeke\" Lawshae of Keysight"}, {"lang": "en", "type": "coordinator", "value": "todb"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ON Semiconductor", "product": "Quantenna Wi-Fi chipset", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "8.0.0.28"}], "defaultStatus": "unaffected"}], "datePublic": "2025-06-08T21:00:00.000Z", "references": [{"url": "https://takeonme.org/cves/cve-2025-3460", "tags": ["third-party-advisory"]}, {"url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),\" and is estimated as a CVSS 7.7\u00a0(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.", "supportingMedia": [{"type": "text/html", "value": "The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),\" and is estimated as a CVSS 7.7&nbsp;(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).<br><p>This issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-88", "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')"}]}], "providerMetadata": {"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "shortName": "AHA", "dateUpdated": "2025-06-09T18:33:57.925Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3460", "state": "PUBLISHED", "dateUpdated": "2025-06-09T18:33:57.925Z", "dateReserved": "2025-04-08T23:41:08.314Z", "assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "datePublished": "2025-06-08T21:02:24.334Z", "assignerShortName": "AHA"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, \"Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),\" and is estimated as a CVSS 7.7\u00a0(CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).\nThis issue affects Quantenna Wi-Fi chipset through version 8.0.0.28 of the latest SDK, and appears to be unpatched at the time of this CVE record's first publishing, though the vendor has released a best practices guide for implementors of this chipset."}, {"lang": "es", "value": "El Chipset Wi-Fi Quantenna se entrega con un script de control local, set_tx_pow, vulnerable a la inyecci\u00f3n de comandos. Se trata de una instancia de CWE-88, \"Neutralizaci\u00f3n incorrecta de delimitadores de argumentos en un comando ('Inyecci\u00f3n de argumentos')\", y se estima como CVSS 7.7 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). Este problema afecta al chipset Quantenna Wi-Fi hasta la versi\u00f3n 8.0.0.28 del \u00faltimo SDK, y parece no tener parche en el momento de la primera publicaci\u00f3n de este registro CVE, aunque el proveedor ha publicado una gu\u00eda de mejores pr\u00e1cticas para los implementadores de este chipset."}], "id": "CVE-2025-3460", "lastModified": "2025-06-09T19:15:24.810", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.2, "source": "cve@takeonme.org", "type": "Secondary"}]}, "published": "2025-06-08T21:15:32.900", "references": [{"source": "cve@takeonme.org", "url": "https://community.onsemi.com/s/article/QCS-Quantenna-Wi-Fi-product-support-and-security-best-practices"}, {"source": "cve@takeonme.org", "url": "https://takeonme.org/cves/cve-2025-3460"}], "sourceIdentifier": "cve@takeonme.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "cve@takeonme.org", "type": "Secondary"}]}

{}