High severity7.5NVD Advisory· Published Apr 21, 2026· Updated May 6, 2026

CVE-2026-41039

Description

This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device.

Successful exploitation of this vulnerability could allow the attacker to access sensitive information, including internal endpoints, scripts and directories on the targeted device.

Affected products

Qntmnet/Qn I 470 Firmware
cpe:2.3:o:qntmnet:qn-i-470_firmware:6.1.1.b1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cert-in.org.in/s2cMainServletnvdThird Party Advisory

News mentions

No linked articles in our index yet.

Severity

HighCVSS v3.1

7.5/ 10

CVSS v48.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack vector: Network
Complexity: Low
Privileges: None
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

Probability of exploitation in the next 30 days.

0.06%

VYPR risk score

Composite of severity, exploitation, and reach.

0.49medium

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000

Weaknesses

CWE-306
Missing Authentication for Critical Function

CVE ID

CVE-2026-41039

Credits

TV
This vulnerability is reported by Rakesh Elamaran, Joel William A, Bajino Viju, Stalin S, Janish Andrin J and Kalpana B N.
finder