CVSS Vector
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:U
Description
An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint. We have already fixed the vulnerability in the following version: QuRouter 2.6.3.009 and later.
Analysis
An improper restriction of communication channel to intended endpoints vulnerability (CWE-923) has been identified in QNAP QHora devices. It allows an attacker with physical access to exploit insufficient endpoint validation and gain privileges intended for legitimate endpoints. The vulnerability affects QHora/QuRouter products prior to version 2.6.3.009. No CVSS score or EPSS data is currently available, and the vulnerability does not appear in active exploitation databases (KEV). The physical access requirement significantly constrains real-world exploitability, though the privilege escalation impact remains a concern for organizations that rely on physical security controls.
Technical Context
This vulnerability exists in QNAP QHora/QuRouter networking appliances and stems from improper validation of communication endpoints, classified under CWE-923 (Improper Restriction of Communication Channel to Intended Endpoints). The root cause involves insufficient cryptographic or logical verification of whether communication originates from or is destined for an authorized endpoint. In the context of network routing and management interfaces, this could manifest as weak certificate validation, missing mutual TLS authentication, or inadequate MAC address/hardware binding verification. The affected product (CPE: cpe:2.3:a:qnap_systems_inc.:qurouter:*:*:*:*:*:*:*:*) is a commercial routing appliance where such communication channel flaws could allow an attacker with physical access to the device or its local network to impersonate legitimate management endpoints.
Affected Products
QNAP QHora and QuRouter devices running versions prior to 2.6.3.009 are affected, as confirmed by the vendor advisory. The vulnerability is tracked against the CPE string cpe:2.3:a:qnap_systems_inc.:qurouter:*:*:*:*:*:*:*:*, indicating all QuRouter product variants below the patched version are in scope. Users should consult the official QNAP security advisory at https://www.qnap.com/en/security-advisory/qsa-26-12 for complete product-specific version details and firmware availability.
Remediation
Immediately upgrade affected QHora and QuRouter devices to firmware version 2.6.3.009 or later, available from QNAP's security advisory at https://www.qnap.com/en/security-advisory/qsa-26-12. Until patching can be completed, enforce strict physical access controls to network appliances, disable unnecessary management interfaces, restrict management access to trusted networks only via firewall rules, and isolate QHora/QuRouter devices on dedicated VLAN segments with egress filtering. Additionally, enable all available authentication mechanisms (mutual TLS, certificate pinning if supported) and monitor device logs for unauthorized endpoint connection attempts.
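To find which devices still need the upgrade, the check below triages an asset inventory against the fixed version 2.6.3.009. It is an added example, not QNAP or vuln.today code; the CSV column names, hostnames and sample versions are constructed assumptions. Versions are compared numerically, since a plain string comparison would rank 2.10.x below 2.6.x.

```python
import csv
import io
import re

FIXED = (2, 6, 3, 9)  # QuRouter 2.6.3.009, the fixed version named in the advisory

# Constructed sample inventory; hostnames, column names and versions are made up.
SAMPLE_INVENTORY = """hostname,os,firmware
edge-rtr-01,QuRouter,2.6.3.009
edge-rtr-02,QuRouter,2.6.2.007
branch-rtr-03,QuRouter,2.10.0.001
lab-rtr-04,QuRouter,2.6.3
lab-rtr-05,QuRouter,unknown
nas-01,QTS,5.1.0.2348
"""

def parse_version(text):
    """Return the version as a 4-tuple of ints, or None if it is not dotted-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        return None
    parts = [int(p) for p in text.split(".")]
    # Pad truncated versions with zeros so 2.6.3 is treated as 2.6.3.0,
    # which errs toward "affected" when the build number is missing.
    return tuple(parts + [0] * (4 - len(parts)))

def triage(inventory_csv):
    """Map each QuRouter host to 'patched', 'affected' or 'unknown'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["os"].strip().lower() != "qurouter":
            continue  # the advisory covers QuRouter only
        version = parse_version(row["firmware"])
        if version is None:
            status = "unknown"  # unparseable: verify by hand, never assume patched
        elif version >= FIXED:
            status = "patched"
        else:
            status = "affected"
        results[row["hostname"]] = status
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:15} {status}")
```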
EUVD-2025-208895