Medium severity5.5NVD Advisory· Published Mar 20, 2026· Updated Apr 14, 2026

CVE-2025-62844

Description

A weak authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to gain sensitive information.

We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later

Affected products

Qnap/Qurouter3 versions
cpe:2.3:o:qnap:qurouter:2.6.0.239:build_20250625:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:qnap:qurouter:2.6.0.239:build_20250625:*:*:*:*:*:*
- cpe:2.3:o:qnap:qurouter:2.6.0.688:build_20250818:*:*:*:*:*:*
- cpe:2.3:o:qnap:qurouter:2.6.1.028:build_20251001:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.qnap.com/en/security-advisory/qsa-26-12nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000