Severity by source
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint.
We have already fixed the vulnerability in the following version: QuRouter 2.6.3.009 and later
AnalysisAI
An improper restriction of communication channel to intended endpoints vulnerability (CWE-923) has been identified in QNAP QHora devices, allowing attackers with physical access to exploit insufficient endpoint validation and gain privileges intended for legitimate endpoints. The vulnerability affects QHora/QuRouter products prior to version 2.6.3.009. While no CVSS score or EPSS data is currently available and the vulnerability does not appear in active exploitation databases (KEV), the physical access requirement significantly constrains real-world exploitability, though the privilege escalation impact remains concerning for organizations with physical security controls.
Technical ContextAI
This vulnerability exists in QNAP QHora/QuRouter networking appliances and stems from improper validation of communication endpoints, classified under CWE-923 (Improper Restriction of Communication Channel to Intended Endpoints). The root cause involves insufficient cryptographic or logical verification mechanisms that authenticate whether communication originates from or is destined to authorized endpoints. In the context of network routing and management interfaces, this could manifest as weak certificate validation, missing mutual TLS authentication, or inadequate MAC address/hardware binding verification. The affected product (CPE: cpe:2.3:a:qnap_systems_inc.:qurouter:*:*:*:*:*:*:*:*) is a commercial routing appliance where such communication channel flaws could allow an attacker with physical access to the device or its local network to impersonate legitimate management endpoints.
RemediationAI
Immediately upgrade affected QHora and QuRouter devices to firmware version 2.6.3.009 or later, available from QNAP's security advisory at https://www.qnap.com/en/security-advisory/qsa-26-12. Until patching can be completed, enforce strict physical access controls to network appliances, disable unnecessary management interfaces, restrict management access to trusted networks only via firewall rules, and isolate QHora/QuRouter devices on dedicated VLAN segments with egress filtering. Additionally, enable all available authentication mechanisms (mutual TLS, certificate pinning if supported) and monitor device logs for unauthorized endpoint connection attempts.
A SQL injection vulnerability has been reported to affect QuRouter. Rated critical severity (CVSS 9.5), this vulnerabili
An OS command injection vulnerability has been reported to affect several product versions. Rated critical severity (CVS
CVE-2024-13088 is an improper authentication vulnerability (CWE-287) affecting QHora/QuRouter that allows local network
A command injection vulnerability has been reported to affect QHora. Rated high severity (CVSS 7.7), this vulnerability
An SQL injection vulnerability exists in QNAP QuRouter that allows authenticated local administrators to execute unautho
An OS command injection vulnerability has been reported to affect several product versions. Rated high severity (CVSS 7.
A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have
An improper neutralization of escape, meta, or control sequences vulnerability (CWE-150) affects QNAP QHora/QuRouter dev
A command injection vulnerability has been reported to affect QHora. Rated medium severity (CVSS 5.1), this vulnerabilit
A weak authentication vulnerability exists in QNAP QHora/QuRouter devices that allows attackers with local network acces
A command injection vulnerability has been reported to affect QuRouter 2.5.1. Rated high severity (CVSS 7.1), this vulne
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208895