CVE-2026-41037
Command Injection in Quantum Networks Router CLI Enables Root RCE
Publication date: 2026-04-21
Last updated on: 2026-05-06
Assigner: Indian Computer Emergency Response Team (CERT-In)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qntmnet | qn-i-470_firmware | 6.1.1.b1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.
Can you explain this vulnerability to me?
This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface.
An authenticated remote attacker could exploit this vulnerability by injecting arbitrary operating system commands on the targeted device.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows an attacker to perform brute force attacks on administrative credentials, potentially leading to unauthorized root access on the device.
Such unauthorized access could result in compromised confidentiality, integrity, and availability of data managed by the device.
Therefore, this vulnerability may negatively impact compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and secure access controls.