CVE-2025-62844

MEDIUM

QNAP QuRouter < 2.6.2.007 - Weak Authentication Information Disclosure

Title source: manual

Description

A weak authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later

References (1)

Core 1

Core References

https://www.qnap.com/en/security-advisory/qsa-26-12

Scores

CVSS v3 5.5

EPSS 0.0020

EPSS Percentile 9.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1390

Status published

Products (4)

qnap/qurouter 2.6.0.239 build_20250625

qnap/qurouter 2.6.0.688 build_20250818

qnap/qurouter 2.6.1.028 build_20251001

QNAP Systems Inc./QuRouter 2.6.x - 2.6.2.007

Published Mar 20, 2026

Tracked Since Mar 20, 2026