High severity7.8NVD Advisory· Published Jun 6, 2025· Updated Jun 17, 2026
CVE-2024-13088
CVE-2024-13088
Description
An improper authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of the system.
We have already fixed the vulnerability in the following version: QuRouter 2.5.0.140 and later
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- QNAP Systems Inc./QuRouterv5Range: 2.5.x
Patches
Vulnerability mechanics
References
1- www.qnap.com/en/security-advisory/qsa-25-15nvdVendor Advisory
News mentions
1- ZDI-26-244: (Pwn2Own) QNAP QHora-322 miro_webserver_controllers_api_login_singIn Authentication Bypass VulnerabilityZero Day Initiative · Mar 30, 2026