CVE-2024-13088

EPSS 0.05%
Published 06.06.2025 15:53:09
Last modified 24.09.2025 20:32:05
Source security@qnapsecurity.com.tw
Teams watchlist Login
Open Login

An improper authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of the system.

We have already fixed the vulnerability in the following version:
QuRouter 2.5.0.140 and later

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Qnap ≫ Qurouter Version2.4.0.190 Updatebuild_20240522

Qnap ≫ Qurouter Version2.4.1.172 Updatebuild_20240606

Qnap ≫ Qurouter Version2.4.1.634 Updatebuild_20240710

Qnap ≫ Qurouter Version2.4.2.317 Updatebuild_20240903

Qnap ≫ Qurouter Version2.4.2.538 Updatebuild_20240923

Qnap ≫ Qurouter Version2.4.3.103 Updatebuild_20241011

Qnap ≫ Qurouter Version2.4.4.106 Updatebuild_20241017

Qnap ≫ Qurouter Version2.4.5.032 Updatebuild_20241029

Qnap ≫ Qurouter Version2.4.6.028 Updatebuild_20250207

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.158

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security@qnapsecurity.com.tw	5.2	0	0	CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.qnap.com/en/security-advisory/qsa-25-15

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-13088

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-13088

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-13088

EUVD