Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-41037

Summary
Assigner-CERT-In
Assigner Org ID-66834db9-ab24-42b4-be80-296b2e40335c
Published At-21 Apr, 2026 | 10:04
Updated At-21 Apr, 2026 | 13:19
Rejected At-
Credits

Missing Rate Limiting Vulnerability in Quantum Networks Router QN-I-470

This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative credentials, leading to unauthorized access with root privileges on the targeted device.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:CERT-In
Assigner Org ID:66834db9-ab24-42b4-be80-296b2e40335c
Published At:21 Apr, 2026 | 10:04
Updated At:21 Apr, 2026 | 13:19
Rejected At:
▼CVE Numbering Authority (CNA)
Missing Rate Limiting Vulnerability in Quantum Networks Router QN-I-470

This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative credentials, leading to unauthorized access with root privileges on the targeted device.

Affected Products
Vendor
Quantum Networks
Product
Router QN-I-470
Default Status
unaffected
Versions
Affected
  • at 6.1.1.B1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-307CWE-307 Improper restriction of excessive authentication attempts
Type: CWE
CWE ID: CWE-307
Description: CWE-307 Improper restriction of excessive authentication attempts
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-49CAPEC-49 Password Brute Forcing
CAPEC ID: CAPEC-49
Description: CAPEC-49 Password Brute Forcing
Solutions

Upgrade Quantum Networks Router QN-I-470 to latest firmware version 7.5.4.B9: https://www.qntmnet.com/wp-content/uploads/2026/04/QN-I-470-7.5.4.B9.qntm?ver=1775552129

Configurations
Workarounds
Exploits
Credits
finder
This vulnerability is reported by Rakesh Elamaran, Stalin S, Janish Andrin J, Kali Vignesh SM, Arkino Robilin R and Kalpana B N.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200
third-party-advisory
Hyperlink: https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vdisclose@cert-in.org.in
Published At:21 Apr, 2026 | 10:16
Updated At:06 May, 2026 | 18:12

This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative credentials, leading to unauthorized access with root privileges on the targeted device.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
qntmnet
qntmnet
>>qn-i-470_firmware>>6.1.1.b1
cpe:2.3:o:qntmnet:qn-i-470_firmware:6.1.1.b1:*:*:*:*:*:*:*
qntmnet
qntmnet
>>qn-i-470>>-
cpe:2.3:h:qntmnet:qn-i-470:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-307Primaryvdisclose@cert-in.org.in
CWE ID: CWE-307
Type: Primary
Source: vdisclose@cert-in.org.in
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200vdisclose@cert-in.org.in
Patch
Vendor Advisory
Hyperlink: https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200
Source: vdisclose@cert-in.org.in
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2026-41038
Matching Score-8
Assigner-Indian Computer Emergency Response Team (CERT-In)
ShareView Details
Matching Score-8
Assigner-Indian Computer Emergency Response Team (CERT-In)
CVSS Score-7.6||HIGH
EPSS-0.02% / 6.86%
||
7 Day CHG-0.00%
Published-21 Apr, 2026 | 10:22
Updated-06 May, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weak Password Policy Vulnerability in Quantum Networks Router QN-I-470

This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing password guessing or brute-force attacks against user accounts, leading to unauthorized access to the targeted device.

Action-Not Available
Vendor-qntmnetQuantum Networks
Product-qn-i-470_firmwareqn-i-470Router QN-I-470
CWE ID-CWE-521
Weak Password Requirements
CVE-2023-24051
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.12% / 30.06%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 10:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks.

Action-Not Available
Vendor-connectizen/aconnectize
Product-ac21000_g6_firmwareac21000_g6n/aac21000_g6_firmware
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2020-13872
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.71% / 72.29%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 18:32
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach.

Action-Not Available
Vendor-royalappsn/aMicrosoft Corporation
Product-windowsroyal_tsn/a
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2022-24402
Matching Score-4
Assigner-National Cyber Security Centre Netherlands (NCSC-NL)
ShareView Details
Matching Score-4
Assigner-National Cyber Security Centre Netherlands (NCSC-NL)
CVSS Score-8.8||HIGH
EPSS-0.39% / 59.75%
||
7 Day CHG~0.00%
Published-19 Oct, 2023 | 09:32
Updated-12 Sep, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Intentionally weakened effective strength in TETRA TEA1

The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystream generation phase, which is insufficient to safeguard against exhaustive search attacks.

Action-Not Available
Vendor-midnightblueETSI
Product-tetra\TETRA Standard
CWE ID-CWE-334
Small Space of Random Values
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
Details not found