CVE-2025-62843Improper Restriction of Communication Channel to Intended Endpoints in Systems INC Qurouter

CWE-923Improper Restriction of Communication Channel to Intended Endpoints3 documents3 sources
Severity
0.9LOWNVD
EPSS
0.0%
top 93.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Qnap Systems INC Qurouter
Timeline
PublishedMar 20

Description

An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint. We have already fixed the vulnerability in the following version: QuRouter 2.6.3.009 and later

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N

Affected Packages1 packages

CVEListV5qnap_systems_inc/qurouter2.6.x2.6.3.009

🔴Vulnerability Details

2
CVEList
QuRouter2026-03-20
GHSA
GHSA-v9ww-wgw5-f4f7: An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora2026-03-20
CVE-2025-62843 — Systems INC Qurouter vulnerability | cvebase