ON Semiconductor Quantenna Wi-Fi Chipsets Unauthenticated Telnet Interface Vulnerability

A vulnerability exists in Quantenna Wi-Fi chipsets from ON Semiconductor, allowing unauthenticated access to the telnet interface by default. This issue, categorized as CWE-306 (Missing Authentication for Critical Function), affects Quantenna Wi-Fi chipsets through version 8.0.0.28 of the latest SDK. The vulnerability is unpatched as of the initial CVE publication, although the vendor has released a best practices guide for implementors.

Impact

Exploitation of this vulnerability allows for unauthorized access to the chip's operating system with root privileges, potentially leading to complete control over the device.

Reproduction

The vulnerability can be reproduced by enabling the telnet service through the 'qcsapi' RPC service commands, which can be executed remotely without authentication. Once the telnet service is active, connecting to the telnet port and logging in as 'root' will grant access without a password.

Remediation

ON Semiconductor recommends disabling the telnet interface and changing default passwords for production releases. Guidance for these actions is available in the Quantenna System Security - Best Practices Guide.