Description
This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative credentials, leading to unauthorized access with root privileges on the targeted device.
Published: 2026-04-21
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege escalation by brute‑force login
Action: Patch Immediately
AI Analysis

Impact

The flaw stems from the absence of rate limiting and CAPTCHAs on the web-based administration portal of Quantum Networks routers. This allows an attacker who can reach the interface to make an unlimited number of login guesses, potentially gaining root privileges on the device. The weakness is classified as CWE-307 (Improper Restriction of Excessive Authentication Attempts): the interface does not limit repeated failed logins, which permits credential stuffing or brute-force attacks.

Affected Systems

Quantum Networks routers, model QN-I-470. All firmware releases prior to version 7.5.4.B9, specifically those identified as at_6.1.1.b1 and earlier, are susceptible; the vendor's advisory recommends upgrading to firmware 7.5.4.B9 to remediate the issue.

Risk and Exploitability

The CVSS score of 8.7 marks the vulnerability as high severity. While the EPSS score is below 1 % and the vulnerability is not listed in CISA’s KEV catalog, an attacker on the same local network can still exploit the web interface to conduct brute‑force attempts. Successful exploitation would grant full administrative control, leading to complete compromise of the device and potential lateral movement within the network.

Generated by OpenCVE AI on April 21, 2026 at 23:05 UTC.

Remediation

Vendor Solution

Upgrade Quantum Networks Router QN-I-470 to latest firmware version 7.5.4.B9: https://www.qntmnet.com/wp-content/uploads/2026/04/QN-I-470-7.5.4.B9.qntm?ver=1775552129


OpenCVE Recommended Actions

  • Upgrade the router to firmware 7.5.4.B9 as published by Quantum Networks
  • If the upgrade cannot be performed immediately, restrict access to the web‑based management console using network segmentation or firewalls, limiting the traffic to trusted management hosts only
  • Enforce the use of strong, unique passwords for all administrative accounts and optionally disable accounts that are not in active use to reduce the attack surface


Advisories

No advisories yet.

History

Tue, 21 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 21 Apr 2026 11:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-78

Tue, 21 Apr 2026 11:00:00 +0000

Type Values Removed Values Added
Description
  Removed: This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device. Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.
  Added: This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative credentials, leading to unauthorized access with root privileges on the targeted device.
Title
  Removed: Command Injection Vulnerability in Quantum Networks Router QN-I-470
  Added: Missing Rate Limiting Vulnerability in Quantum Networks Router QN-I-470
Weaknesses
  Added: CWE-307
Metrics
  Removed: cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}
  Added: cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Tue, 21 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Description This vulnerability exists in Quantum Networks router due to inadequate sanitization of user-supplied input in the management CLI interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary OS commands on the targeted device. Successful exploitation of this vulnerability could allow the attacker to perform remote code execution with root privileges on the targeted device.
Title Command Injection Vulnerability in Quantum Networks Router QN-I-470
First Time appeared Quantum Networks
Quantum Networks router Qn-i-470
Weaknesses CWE-78
CPEs cpe:2.3:a:quantum_networks:router_qn-i-470:at_6.1.1.b1:*:*:*:*:*:*:*
Vendors & Products Quantum Networks
Quantum Networks router Qn-i-470
References
Metrics cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: CERT-In

Published:

Updated: 2026-04-21T13:19:09.396Z

Reserved: 2026-04-16T07:21:46.940Z

Link: CVE-2026-41037

Vulnrichment

Updated: 2026-04-21T13:18:51.978Z

NVD

Status: Awaiting Analysis

Published: 2026-04-21T10:16:30.957

Modified: 2026-04-21T16:20:24.180

Link: CVE-2026-41037

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T23:15:03Z

Weaknesses