Medium severity5.5NVD Advisory· Published Mar 20, 2026· Updated Apr 14, 2026
CVE-2025-62844
CVE-2025-62844
Description
A weak authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to gain sensitive information.
We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5Patches
Vulnerability mechanics
References
1- www.qnap.com/en/security-advisory/qsa-26-12nvdVendor Advisory
News mentions
1- ZDI-26-239: (Pwn2Own) QNAP QHora-322 login.newAuthMiddleware.Authenticator Authentication Bypass VulnerabilityZero Day Initiative · Mar 30, 2026