CVE-2026-41036
Received
Received - Intake
Command Injection in Quantum Networks Router CLI Enables Root RCE
Publication date: 2026-04-21
Last updated on: 2026-05-06
Assigner: Indian Computer Emergency Response Team (CERT-In)
Description
Description
This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device.
Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qntmnet | qn-i-470_firmware | 6.1.1.b1 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface.
An authenticated remote attacker could exploit this vulnerability by injecting arbitrary operating system commands on the targeted device.
How can this vulnerability impact me? :
Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70