CVE-2024-13088

| EUVD-2024-54652 HIGH
2025-06-06 [email protected]
7.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 18:10 euvd
EUVD-2024-54652
Analysis Generated
Mar 14, 2026 - 18:10 vuln.today
CVE Published
Jun 06, 2025 - 16:15 nvd
HIGH 7.8

Tags

Authentication Bypass Qurouter

Description

An improper authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QuRouter 2.5.0.140 and later

Analysis

CVE-2024-13088 is an improper authentication vulnerability (CWE-287) affecting QHora/QuRouter that allows local network attackers with low privileges to compromise system confidentiality, integrity, and availability. The vulnerability requires local network access and low privileges but no user interaction, making it a significant risk for networked environments. Patch versions QuRouter 2.5.0.140 and later are available, though KEV/EPSS data and active exploitation status are not confirmed in the provided intelligence.

Technical Context

The vulnerability stems from improper authentication mechanisms in QHora/QuRouter network devices (CWE-287 - Improper Authentication). This class of weakness indicates the device fails to properly verify the identity of users, processes, or systems before granting access to resources. Based on the CVSS vector (AV:L/AC:L/PR:L), the authentication bypass occurs at the local network level, suggesting the device's management interface, inter-process communication, or local service authentication is flawed. The low attack complexity indicates the exploitation method is straightforward and does not require special conditions or techniques. QHora appears to be a networking product line with QuRouter as a specific model variant.

Affected Products

QuRouter (< 2.5.0.140)

Remediation

Upgrade QuRouter firmware to version 2.5.0.140 or later; priority: Critical; details: Vendor has confirmed the vulnerability is fixed in QuRouter 2.5.0.140 and subsequent releases. Organizations should prioritize deployment of this patch or later versions. Workaround/Mitigation: Network Segmentation; details: Restrict local network access to QuRouter devices through network access control lists (ACLs), firewall rules, or VLAN segmentation. Limit access to management interfaces to trusted administrative networks only. Workaround/Mitigation: Privilege Access Management; details: Enforce strong authentication for any local network accounts with elevated privileges. Implement network monitoring to detect unauthorized authentication attempts or unusual access patterns. Detection: Monitor logs for suspicious authentication events on QuRouter management interfaces or local services; details: Enable detailed logging and review authentication failures, privilege escalation attempts, and configuration changes.

Priority Score

39
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +39
POC: 0

Share

CVE-2024-13088 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy