VYPR
Medium severity6.8NVD Advisory· Published Mar 20, 2026· Updated Apr 14, 2026

CVE-2025-62843

CVE-2025-62843

Description

An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint.

We have already fixed the vulnerability in the following version: QuRouter 2.6.3.009 and later

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • Qnap/Qurouter4 versions
    cpe:2.3:o:qnap:qurouter:2.6.0.239:build_20250625:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:qnap:qurouter:2.6.0.239:build_20250625:*:*:*:*:*:*
    • cpe:2.3:o:qnap:qurouter:2.6.0.688:build_20250818:*:*:*:*:*:*
    • cpe:2.3:o:qnap:qurouter:2.6.1.028:build_20251001:*:*:*:*:*:*
    • cpe:2.3:o:qnap:qurouter:2.6.2.007:build_20251027:*:*:*:*:*:*
  • Qnap/QHorallm-fuzzy
    Range: <2.6.3.009

Patches

Vulnerability mechanics

References

1

News mentions

1