High severity8.8NVD Advisory· Published Apr 21, 2026· Updated May 6, 2026

CVE-2026-41037

Description

This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative credentials, leading to unauthorized access with root privileges on the targeted device.

Affected products

Qntmnet/Qn I 470 Firmware
cpe:2.3:o:qntmnet:qn-i-470_firmware:6.1.1.b1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cert-in.org.in/s2cMainServletnvdPatchVendor Advisory

News mentions

No linked articles in our index yet.

Severity

HighCVSS v3.1

8.8/ 10

CVSS v48.7

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack vector: Adjacent
Complexity: Low
Privileges: None
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

Probability of exploitation in the next 30 days.

0.03%

VYPR risk score

Composite of severity, exploitation, and reach.

0.57high

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000

Weaknesses

CWE-307
Improper Restriction of Excessive Authentication Attempts

CVE ID

CVE-2026-41037

Credits

TV
This vulnerability is reported by Rakesh Elamaran, Stalin S, Janish Andrin J, Kali Vignesh SM, Arkino Robilin R and Kalpana B N.
finder