CVE-2026-41036 - Vulnerability Details

- Command Injection Vulnerability in Quantum Networks Router QN-I-470

Description

This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device.

Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.

Published: 2026-04-21

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

This vulnerability arises from inadequate sanitization of user‑supplied input in the management CLI interface of the Quantum Networks Router QN‑I‑470. It allows an authenticated remote attacker to inject arbitrary OS commands, resulting in remote code execution with root privileges. The attacker can compromise the device’s confidentiality, integrity, and availability, potentially taking full control of the entire router.

Affected Systems

Quantum Networks Router QN‑I‑470 running firmware at_6.1.1.b1 is affected. The product is identified by the vendor name Quantum Networks and the model QN‑I‑470.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity with local privileges needed but network exposure to an authenticated attacker. The EPSS score of less than 1% suggests a very low probability of exploitation in the near term, and the vulnerability is not currently listed in the CISA KEV catalog. The likely attack vector is a remote authenticated connection to the router’s CLI, where the attacker can supply commands that are not properly sanitized. If exploited, the attacker gains full control of the device.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Quantum Networks

Router QN-I-470

unaffected

Version	Status	Constraints
`at 6.1.1.B1`	affected	—

No data.

No data available yet.

Remediation

Vendor Solution

Upgrade Quantum Networks Router QN-I-470 to latest firmware version 7.5.4.B9: https://www.qntmnet.com/wp-content/uploads/2026/04/QN-I-470-7.5.4.B9.qntm?ver=1775552129

OpenCVE Recommended Actions

Upgrade Quantum Networks Router QN‑I‑470 to firmware version 7.5.4.B9 as specified by the vendor
Restrict remote CLI access to a limited set of trusted IP addresses or disable it entirely until the firmware upgrade is applied
Ensure that only strongly authenticated users with least privileges can access the CLI, and enforce secure password or key‑based authentication mechanisms

Generated by OpenCVE AI on April 22, 2026 at 05:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00405.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200

History

Tue, 21 Apr 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 21 Apr 2026 10:15:00 +0000

Type	Values Removed	Values Added
Description		This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device. Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.
Title		Command Injection Vulnerability in Quantum Networks Router QN-I-470
First Time appeared		Quantum Networks Quantum Networks router Qn-i-470
Weaknesses		CWE-78
CPEs		cpe:2.3:a:quantum_networks:router_qn-i-470:at_6.1.1.b1:::::::*
Vendors & Products		Quantum Networks Quantum Networks router Qn-i-470
References		https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

Subscriptions

Quantum Networks Router Qn-i-470

MITRE

Status: PUBLISHED

Assigner: CERT-In

Published: 2026-04-21T10:07:47.488Z

Updated: 2026-04-21T13:17:54.592Z

Reserved: 2026-04-16T07:21:46.940Z

Link: CVE-2026-41036

Vulnrichment

Updated: 2026-04-21T13:17:50.325Z

NVD

Status : Awaiting Analysis

Published: 2026-04-21T10:16:30.800

Modified: 2026-04-21T16:20:24.180

Link: CVE-2026-41036

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T06:00:09Z

Weaknesses

CWE-78

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object