Description
An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint.

We have already fixed the vulnerability in the following version:
QuRouter 2.6.3.009 and later
Published: 2026-03-20
Score: 0.9 Low
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Patch
AI Analysis

Impact

An improper restriction of the communication channel has been reported in QNAP’s QuRouter routers. The flaw allows an attacker with physical access to impersonate the router’s intended communication endpoint, sending malicious commands that the device treats as legitimate. This leads to the attacker gaining the same privileges that would normally be granted to the intended endpoint.

Affected Systems

QNAP Systems Inc. routers running QuRouter firmware versions 2.6.0.239 through 2.6.2.007 are affected. Users of these builds are vulnerable and should update if possible.

Risk and Exploitability

The CVSS 4.0 score of 0.9 indicates low severity (the CVSS 3.1 metric recorded in the history below scores the same issue 6.8), and the EPSS score is below 1%, implying a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires physical access to the device (attack vector AV:P in both CVSS vectors) to send traffic on its privileged communication channels, making it a targeted, on-site attack that can grant the attacker elevated privileges.

Generated by OpenCVE AI on April 14, 2026 at 15:54 UTC.

Remediation

Vendor Solution

We have already fixed the vulnerability in the following version: QuRouter 2.6.3.009 and later


OpenCVE Recommended Actions

  • Apply the vendor’s patch by upgrading to QuRouter 2.6.3.009 or later.
  • If a patch cannot be applied immediately, restrict physical access to the router to authorized personnel only.
  • Ensure unused management interfaces are disabled to prevent unauthorized traffic from reaching the router.



Advisories

No advisories yet.

History

Tue, 14 Apr 2026 14:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Qnap; Qnap qurouter |
| CPEs | | cpe:2.3:o:qnap:qurouter:2.6.0.239:build_20250625:*:*:*:*:*:*; cpe:2.3:o:qnap:qurouter:2.6.0.688:build_20250818:*:*:*:*:*:*; cpe:2.3:o:qnap:qurouter:2.6.1.028:build_20251001:*:*:*:*:*:*; cpe:2.3:o:qnap:qurouter:2.6.2.007:build_20251027:*:*:*:*:*:* |
| Vendors & Products | | Qnap; Qnap qurouter |
| Metrics | | cvssV3_1: {'score': 6.8, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'} |


Wed, 25 Mar 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Mon, 23 Mar 2026 10:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Qnap Systems; Qnap Systems qrouter |
| Vendors & Products | | Qnap Systems; Qnap Systems qrouter |

Fri, 20 Mar 2026 16:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint. We have already fixed the vulnerability in the following version: QuRouter 2.6.3.009 and later |
| Title | | QuRouter |
| Weaknesses | | CWE-923 |
| References | | |
| Metrics | | cvssV4_0: {'score': 0.9, 'vector': 'CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:U'} |


MITRE

Status: PUBLISHED

Assigner: qnap

Published:

Updated: 2026-03-25T14:01:14.557Z

Reserved: 2025-10-24T02:43:45.372Z

Link: CVE-2025-62843

Vulnrichment

Updated: 2026-03-25T14:01:04.224Z

NVD

Status: Analyzed

Published: 2026-03-20T17:16:42.180

Modified: 2026-04-14T14:19:26.883

Link: CVE-2025-62843

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:43:49Z

Weaknesses