Skip to main content

Qurouter CVE-2025-62843

| EUVDEUVD-2025-208895 LOW
Improper Restriction of Communication Channel to Intended Endpoints (CWE-923)
2026-03-20 qnap
0.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
0.9 LOW
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
2.6.3.009
EUVD ID Assigned
Mar 20, 2026 - 16:30 euvd
EUVD-2025-208895
Analysis Generated
Mar 20, 2026 - 16:30 vuln.today
CVE Published
Mar 20, 2026 - 16:22 nvd
LOW 0.9

DescriptionCVE.org

An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint.

We have already fixed the vulnerability in the following version: QuRouter 2.6.3.009 and later

AnalysisAI

An improper restriction of communication channel to intended endpoints vulnerability (CWE-923) has been identified in QNAP QHora devices, allowing attackers with physical access to exploit insufficient endpoint validation and gain privileges intended for legitimate endpoints. The vulnerability affects QHora/QuRouter products prior to version 2.6.3.009. While no CVSS score or EPSS data is currently available and the vulnerability does not appear in active exploitation databases (KEV), the physical access requirement significantly constrains real-world exploitability, though the privilege escalation impact remains concerning for organizations with physical security controls.

Technical ContextAI

This vulnerability exists in QNAP QHora/QuRouter networking appliances and stems from improper validation of communication endpoints, classified under CWE-923 (Improper Restriction of Communication Channel to Intended Endpoints). The root cause involves insufficient cryptographic or logical verification mechanisms that authenticate whether communication originates from or is destined to authorized endpoints. In the context of network routing and management interfaces, this could manifest as weak certificate validation, missing mutual TLS authentication, or inadequate MAC address/hardware binding verification. The affected product (CPE: cpe:2.3:a:qnap_systems_inc.:qurouter:*:*:*:*:*:*:*:*) is a commercial routing appliance where such communication channel flaws could allow an attacker with physical access to the device or its local network to impersonate legitimate management endpoints.

RemediationAI

Immediately upgrade affected QHora and QuRouter devices to firmware version 2.6.3.009 or later, available from QNAP's security advisory at https://www.qnap.com/en/security-advisory/qsa-26-12. Until patching can be completed, enforce strict physical access controls to network appliances, disable unnecessary management interfaces, restrict management access to trusted networks only via firewall rules, and isolate QHora/QuRouter devices on dedicated VLAN segments with egress filtering. Additionally, enable all available authentication mechanisms (mutual TLS, certificate pinning if supported) and monitor device logs for unauthorized endpoint connection attempts.

CVE-2024-50389 CRITICAL
9.5 Dec 06

A SQL injection vulnerability has been reported to affect QuRouter. Rated critical severity (CVSS 9.5), this vulnerabili

CVE-2024-48860 CRITICAL
9.5 Nov 22

An OS command injection vulnerability has been reported to affect several product versions. Rated critical severity (CVS

CVE-2024-13088 HIGH
7.8 Jun 06

CVE-2024-13088 is an improper authentication vulnerability (CWE-287) affecting QHora/QuRouter that allows local network

CVE-2024-50390 HIGH
7.7 Mar 07

A command injection vulnerability has been reported to affect QHora. Rated high severity (CVSS 7.7), this vulnerability

CVE-2025-62846 HIGH
7.3 Mar 20

An SQL injection vulnerability exists in QNAP QuRouter that allows authenticated local administrators to execute unautho

CVE-2024-48861 HIGH
7.3 Nov 22

An OS command injection vulnerability has been reported to affect several product versions. Rated high severity (CVSS 7.

CVE-2024-13087 MEDIUM
6.7 Jun 06

A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have

CVE-2025-62845 MEDIUM
5.6 Mar 20

An improper neutralization of escape, meta, or control sequences vulnerability (CWE-150) affects QNAP QHora/QuRouter dev

CVE-2024-53700 MEDIUM
5.1 Mar 07

A command injection vulnerability has been reported to affect QHora. Rated medium severity (CVSS 5.1), this vulnerabilit

CVE-2025-62844 MEDIUM
4.0 Mar 20

A weak authentication vulnerability exists in QNAP QHora/QuRouter devices that allows attackers with local network acces

CVE-2025-29887 HIGH
7.1 Aug 29

A command injection vulnerability has been reported to affect QuRouter 2.5.1. Rated high severity (CVSS 7.1), this vulne

Share

CVE-2025-62843 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy