CVE-2025-62846SQL Injection in Systems INC Qurouter

CWE-89SQL Injection3 documents3 sources
Severity
7.3HIGHNVD
EPSS
0.0%
top 94.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Qnap Systems INC Qurouter
Timeline
PublishedMar 20

Description

An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages1 packages

CVEListV5qnap_systems_inc/qurouter2.6.x2.6.2.007

🔴Vulnerability Details

2
CVEList
QuRouter2026-03-20
GHSA
GHSA-gfqf-8rx6-9xqw: An SQL injection vulnerability has been reported to affect QHora2026-03-20
CVE-2025-62846 — SQL Injection in Systems INC Qurouter | cvebase