CVE-2025-29887
published 2025-08-29CVE-2025-29887: A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the…
high7.1CVSS 4.0
AVNACHATPPRHUIAVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following version:
QuRouter 2.5.1.060 and later
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | qurouter | — | — |
| qnap | qurouter | — | — |
| qnap_systems_inc | qurouter | >= 2.5.x < 2.5.1.060 | 2.5.1.060 |