Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands.
We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later
AnalysisAI
An SQL injection vulnerability exists in QNAP QuRouter that allows authenticated local administrators to execute unauthorized code or commands through SQL injection techniques. The vulnerability affects QuRouter versions prior to 2.6.2.007, and exploitation requires an attacker to first obtain legitimate administrator credentials on the affected device. While no CVSS score or EPSS data is currently published, the SQL injection classification (CWE-89) combined with code execution impact represents a critical risk for compromised administrator accounts.
Technical ContextAI
The vulnerability is classified as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), indicating that user-supplied input is not properly sanitized before being incorporated into SQL queries within the QuRouter application. QuRouter is QNAP's network routing and gateway appliance software (identified via CPE cpe:2.3:a:qnap_systems_inc.:qurouter). The SQL injection flaw allows an authenticated administrator to manipulate SQL queries to execute arbitrary commands, likely through administrative interface parameters or configuration fields that interact with the underlying database without proper input validation or parameterized query usage.
RemediationAI
Immediately upgrade QuRouter to version 2.6.2.007 or later using QNAP's official firmware update mechanism (consult https://www.qnap.com/en/security-advisory/qsa-26-12 for download and installation instructions). Until patching is completed, enforce principle of least privilege by restricting administrator account access to trusted personnel only, disable unnecessary administrative interfaces, and monitor administrator account activity for suspicious SQL-like patterns or unusual command execution. Consider isolating QuRouter devices on a protected management network segment to limit the impact of potential administrator account compromise.
A SQL injection vulnerability has been reported to affect QuRouter. Rated critical severity (CVSS 9.5), this vulnerabili
An OS command injection vulnerability has been reported to affect several product versions. Rated critical severity (CVS
CVE-2024-13088 is an improper authentication vulnerability (CWE-287) affecting QHora/QuRouter that allows local network
A command injection vulnerability has been reported to affect QHora. Rated high severity (CVSS 7.7), this vulnerability
An OS command injection vulnerability has been reported to affect several product versions. Rated high severity (CVSS 7.
A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have
An improper neutralization of escape, meta, or control sequences vulnerability (CWE-150) affects QNAP QHora/QuRouter dev
A command injection vulnerability has been reported to affect QHora. Rated medium severity (CVSS 5.1), this vulnerabilit
A weak authentication vulnerability exists in QNAP QHora/QuRouter devices that allows attackers with local network acces
An improper restriction of communication channel to intended endpoints vulnerability (CWE-923) has been identified in QN
A command injection vulnerability has been reported to affect QuRouter 2.5.1. Rated high severity (CVSS 7.1), this vulne
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208901