Primary

Context

QNAP QHora Improper Communication Channel Restriction Vulnerability

Vulnerability

A vulnerability exists in QNAP QHora routers running QuRouter version 2.6.x, allowing an attacker with physical access to exploit improper restrictions on communication channels. This exploitation can lead to unauthorized privileges intended for the original endpoint.

Impact

Exploitation of this vulnerability allows an attacker to gain elevated privileges on the device, potentially leading to further exploitation or unauthorized actions.

Remediation

Users can update to QuRouter version 2.6.3.009 or later to address this vulnerability. For instructions on updating QuRouter, log in to the router, go to the Firmware section, select 'Update now', choose 'Latest', and click 'Apply'. Alternatively, the latest firmware can be downloaded from the QNAP Download Center and installed manually.

Added: Mar 20, 2026, 5:24 PM

Updated: Mar 20, 2026, 5:24 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

1.9

remediation

0.0

relevance

4.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

1.9

remediation

0.0

relevance

4.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

QNAP QHora Improper Communication Channel Restriction Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating