CVE-2024-13088

CWE-287 — Improper Authentication3 documents3 sources

Severity

5.2MEDIUM

EPSS

0.1%

top 80.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems Inc. Qurouter Qnap Qurouter

Timeline

PublishedJun 6

Description

An improper authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QuRouter 2.5.0.140 and later

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5qnap_systems_inc./qurouter2.5.x — 2.5.0.140

▶NVDqnap/qurouter9 versions+8

🔴Vulnerability Details

CVEList

QHora↗2025-06-06

▶

GHSA

GHSA-8m5f-fx5r-2p23: An improper authentication vulnerability has been reported to affect QHora↗2025-06-06

▶