Description
This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing password guessing or brute-force attacks against user accounts, leading to unauthorized access to the targeted device.
Published: 2026-04-21
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized device access
Action: Patch
AI Analysis

Impact

The vulnerability, classified as CWE-521, allows an attacker on the same network to attempt password guessing or brute‑force attacks against user accounts in the router’s web‑based management interface because strong password policies are not enforced. Successful authentication grants the attacker full administrative access to the device, compromising confidentiality, integrity, and availability of the network infrastructure.

Affected Systems

Quantum Networks Router model QN‑I‑470, running firmware version at_6.1.1.b1 or any earlier firmware lacking the policy enforcement fix.

Risk and Exploitability

The CVSS score of 7.6 indicates high severity, while the EPSS score of less than 1% shows a low but non‑zero probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog, suggesting no currently known widespread attacks. The likely attack vector is a local network attacker who can reach the management interface, such as an insider or compromised host.

Generated by OpenCVE AI on April 22, 2026 at 03:22 UTC.

Remediation

Vendor Solution

Upgrade Quantum Networks Router QN-I-470 to latest firmware version 7.5.4.B9: https://www.qntmnet.com/wp-content/uploads/2026/04/QN-I-470-7.5.4.B9.qntm?ver=1775552129

OpenCVE Recommended Actions

  • Upgrade the router to firmware version 7.5.4.B9, which includes an enforced strong password policy.
  • Configure the router to require complex passwords using an appropriate policy that includes length, complexity, and change cadence.
  • Restrict access to the web‑based management interface to trusted IP ranges or VPN connections to limit the attack surface.

Generated by OpenCVE AI on April 22, 2026 at 03:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 21 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 21 Apr 2026 11:00:00 +0000

Type Values Removed Values Added
Description This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing password guessing or brute-force attacks against user accounts, leading to unauthorized access to the targeted device.
Title Weak Password Policy Vulnerability in Quantum Networks Router QN-I-470
First Time appeared Quantum Networks
Quantum Networks router Qn-i-470
Weaknesses CWE-521
CPEs cpe:2.3:a:quantum_networks:router_qn-i-470:at_6.1.1.b1:*:*:*:*:*:*:*
Vendors & Products Quantum Networks
Quantum Networks router Qn-i-470
References
Metrics cvssV4_0

{'score': 7.6, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Quantum Networks Router Qn-i-470
cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-In

Published:

Updated: 2026-04-21T13:14:55.975Z

Reserved: 2026-04-16T07:21:46.941Z

Link: CVE-2026-41038

cve-icon Vulnrichment

Updated: 2026-04-21T13:14:51.213Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-21T11:16:20.160

Modified: 2026-04-21T16:20:24.180

Link: CVE-2026-41038

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T03:30:06Z

Weaknesses