CVE-2024-13088 MEDIUM

CVE-2024-13088: QHora

Vendor Qnap Systems Inc.
Product QuRouter
Weakness CWE-287 · Improper authentication
Published June 6, 2025
Last update June 6, 2025

CVSS base score

5.2/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

An improper authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QuRouter 2.5.0.140 and later

Key dates

02Disclosure timeline

June 6, 2025 CVE published
June 6, 2025 Record updated