Improper Authentication Flaw in QHora by QNAP
CVE-2024-13088

5.2 MEDIUM

Key Information:

Vendor: QNAP

Status
Vendor
CVE Published: 6 June 2025

What is CVE-2024-13088?

An improper authentication vulnerability has been identified in the QHora product line, affecting how users authenticate within local network environments. An attacker who has gained unauthorized access to the local network may exploit this flaw to bypass authentication mechanisms, compromising system integrity and data security. The issue is fixed in version 2.5.0.140 and later; upgrade to a fixed version to prevent exploitation.

Affected Version(s)

QuRouter 2.5.x < 2.5.0.140

CVSS V4

Score: 5.2
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: Low
Attack Vector: Physical
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

nella17 (@nella17tw), working with DEVCORE Internship Program, and DEVCORE Research Team working with Trend Micro Zero Day Initiative.