Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
No data.
No data.
| Vendor | Product | Confidence | Versions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Qianniao | Qn-l23pa0904 | 90% |
|
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 03 Apr 2026 10:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Root Access via Crafted Firmware Update Script on Qianniao QN-L23PA0904 | |
| First Time appeared |
Qianniao
Qianniao qn-l23pa0904 |
|
| Vendors & Products |
Qianniao
Qianniao qn-l23pa0904 |
Thu, 02 Apr 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers to gain root access, install backdoors, and exfiltrate data via supplying a crafted iu.sh script contained in an SD card. | |
| Weaknesses | CWE-345 CWE-494 |
|
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-04-02T17:57:43.296Z
Reserved: 2026-03-04T00:00:00.000Z
Link: CVE-2026-30603
Vulnrichment
Updated: 2026-04-02T17:54:17.342Z
NVD
Status : Awaiting Analysis
Published: 2026-04-02T17:16:22.287
Modified: 2026-04-03T16:10:23.730
Link: CVE-2026-30603
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-04-03T09:19:00Z