Description
This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device.

Successful exploitation of this vulnerability could allow the attacker to access sensitive information, including internal endpoints, scripts and directories on the targeted device.
Published: 2026-04-21
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

A vulnerable Quantum Networks router exposes its web‑based management interface with improper access control and insecure default configuration, a weakness classified as CWE‑306 (Improper Authentication). An unauthenticated attacker can reach exposed API endpoints and read data sent by the device, including internal endpoints, scripts and directories. The flaw allows the attacker to view sensitive configuration information and potentially discover operational details of the network.

Affected Systems

The vulnerability affects the Quantum Networks Router QN-I-470 running firmware version 6.1.1.b1 and any earlier firmware that has not received the patch.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity, while the EPSS score of less than 1% suggests a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog, but an unauthenticated attacker can still exploit the exposed APIs to gain sensitive information. In practice, exploitation requires connectivity to the device's management network and the presence of the exposed endpoints; this exposure can be mitigated by disabling or restricting the web interface.

Generated by OpenCVE AI on April 22, 2026 at 05:48 UTC.

Remediation

Vendor Solution

Upgrade Quantum Networks Router QN-I-470 to latest firmware version 7.5.4.B9: https://www.qntmnet.com/wp-content/uploads/2026/04/QN-I-470-7.5.4.B9.qntm?ver=1775552129


OpenCVE Recommended Actions

  • Upgrade the router firmware to 7.5.4.B9, the officially released version that removes the insecure default configuration and mandates authentication for API access.
  • Restrict access to the router’s management interface to a limited internal subnet or VPN, ensuring that only authorized administrators can reach the exposed API endpoints.
  • Disable or remove any unused web‑based management services that expose configuration data, and apply the vendor’s default secure settings to eliminate exposed directories and script listings.


Advisories

No advisories yet.

History

Tue, 21 Apr 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 21 Apr 2026 11:00:00 +0000

Type | Values Removed | Values Added
Description | | This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device. Successful exploitation of this vulnerability could allow the attacker to access sensitive information, including internal endpoints, scripts and directories on the targeted device.
Title | | Information Disclosure Vulnerability in Quantum Networks Router QN-I-470
First Time appeared | | Quantum Networks; Quantum Networks router Qn-i-470
Weaknesses | | CWE-306
CPEs | | cpe:2.3:a:quantum_networks:router_qn-i-470:at_6.1.1.b1:*:*:*:*:*:*:*
Vendors & Products | | Quantum Networks; Quantum Networks router Qn-i-470
References | |
Metrics | | cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: CERT-In

Published:

Updated: 2026-04-21T13:13:59.843Z

Reserved: 2026-04-16T07:21:46.941Z

Link: CVE-2026-41039

Vulnrichment

Updated: 2026-04-21T13:13:55.591Z

NVD

Status: Awaiting Analysis

Published: 2026-04-21T11:16:20.287

Modified: 2026-04-21T16:20:24.180

Link: CVE-2026-41039

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T06:00:09Z

Weaknesses