{"api_version":"1","generated_at":"2026-04-23T09:39:49+00:00","cve":"CVE-2025-62843","urls":{"html":"https://cve.report/CVE-2025-62843","api":"https://cve.report/api/cve/CVE-2025-62843.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-62843","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-62843"},"summary":{"title":"QuRouter","description":"An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.6.3.009 and later","state":"PUBLISHED","assigner":"qnap","published_at":"2026-03-20 17:16:42","updated_at":"2026-04-14 14:19:26"},"problem_types":["CWE-923","CWE-923 CWE-923"],"metrics":[{"version":"4.0","source":"security@qnapsecurity.com.tw","type":"Secondary","score":"0.9","severity":"LOW","vector":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":0.9,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"0.9","severity":"LOW","vector":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:U","data":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"PHYSICAL","baseScore":0.9,"baseSeverity":"LOW","exploitMaturity":"UNREPORTED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"LOW","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:U","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"}},{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"6.8","severity":"MEDIUM","vector":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-26-12","name":"https://www.qnap.com/en/security-advisory/qsa-26-12","refsource":"security@qnapsecurity.com.tw","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-62843","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62843","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"QNAP Systems Inc.","product":"QuRouter","version":"affected 2.6.x 2.6.3.009 custom","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"We have already fixed the vulnerability in the following version:\nQuRouter 2.6.3.009 and later","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Pwn2Own 2025 - Team DDOS","lang":"en"}],"nvd_cpes":[{"cve_year":"2025","cve_id":"62843","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qnap","cpe5":"qurouter","cpe6":"2.6.0.239","cpe7":"build_20250625","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"62843","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qnap","cpe5":"qurouter","cpe6":"2.6.0.688","cpe7":"build_20250818","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"62843","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qnap","cpe5":"qurouter","cpe6":"2.6.1.028","cpe7":"build_20251001","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"62843","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"qnap","cpe5":"qurouter","cpe6":"2.6.2.007","cpe7":"build_20251027","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"62843","cve":"CVE-2025-62843","epss":"0.000240000","percentile":"0.063260000","score_date":"2026-04-15","updated_at":"2026-04-16 00:13:56"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-62843","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-03-25T14:00:53.535750Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-03-25T14:01:14.557Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"QuRouter","vendor":"QNAP Systems Inc.","versions":[{"lessThan":"2.6.3.009","status":"affected","version":"2.6.x","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Pwn2Own 2025 - Team DDOS"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint.<br><br>We have already fixed the vulnerability in the following version:<br>QuRouter 2.6.3.009 and later<br>"}],"value":"An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.6.3.009 and later"}],"impacts":[{"capecId":"CAPEC-161","descriptions":[{"lang":"en","value":"CAPEC-161"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"PHYSICAL","baseScore":0.9,"baseSeverity":"LOW","exploitMaturity":"UNREPORTED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"LOW","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:U","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-923","description":"CWE-923","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-03-20T16:22:02.680Z","orgId":"2fd009eb-170a-4625-932b-17a53af1051f","shortName":"qnap"},"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-26-12"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"We have already fixed the vulnerability in the following version:<br>QuRouter 2.6.3.009 and later<br>"}],"value":"We have already fixed the vulnerability in the following version:\nQuRouter 2.6.3.009 and later"}],"source":{"advisory":"QSA-26-12","discovery":"EXTERNAL"},"title":"QuRouter","x_generator":{"engine":"Vulnogram 0.1.0-dev"}}},"cveMetadata":{"assignerOrgId":"2fd009eb-170a-4625-932b-17a53af1051f","assignerShortName":"qnap","cveId":"CVE-2025-62843","datePublished":"2026-03-20T16:22:02.680Z","dateReserved":"2025-10-24T02:43:45.372Z","dateUpdated":"2026-03-25T14:01:14.557Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-03-20 17:16:42","lastModifiedDate":"2026-04-14 14:19:26","problem_types":["CWE-923","CWE-923 CWE-923"],"metrics":{"cvssMetricV40":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":0.9,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"UNREPORTED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qurouter:2.6.0.239:build_20250625:*:*:*:*:*:*","matchCriteriaId":"6BEA7459-EA28-4A5F-ABB4-F00661760FA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qurouter:2.6.0.688:build_20250818:*:*:*:*:*:*","matchCriteriaId":"71BB01EA-6A7B-46CF-A2F7-41DDBA5A17ED"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qurouter:2.6.1.028:build_20251001:*:*:*:*:*:*","matchCriteriaId":"F61A82A3-3A3E-42B6-B7F6-B5FAF37CCC80"},{"vulnerable":true,"criteria":"cpe:2.3:o:qnap:qurouter:2.6.2.007:build_20251027:*:*:*:*:*:*","matchCriteriaId":"DC28FAFD-B2EB-4DB5-B438-A439D4305A5F"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"62843","Ordinal":"1","Title":"QuRouter","CVE":"CVE-2025-62843","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"62843","Ordinal":"1","NoteData":"An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.6.3.009 and later","Type":"Description","Title":"QuRouter"}]}}}