CVE-2024-13088
BaseFortify
Publication date: 2025-06-06
Last updated on: 2025-09-24
Assigner: QNAP Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qnap | qurouter | 2.4.0.190 |
| qnap | qurouter | 2.4.1.172 |
| qnap | qurouter | 2.4.1.634 |
| qnap | qurouter | 2.4.2.317 |
| qnap | qurouter | 2.4.2.538 |
| qnap | qurouter | 2.4.3.103 |
| qnap | qurouter | 2.4.4.106 |
| qnap | qurouter | 2.4.5.032 |
| qnap | qurouter | 2.4.6.028 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper authentication issue affecting QHora devices. If an attacker gains access to the local network, they can exploit this flaw to compromise the security of the system, potentially bypassing authentication controls.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with local network access to compromise the security of the affected QHora system. This could lead to unauthorized access or control over the device, potentially impacting network security and device integrity.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update your QuRouter firmware to version 2.5.0.140 or later. You can do this by logging into the QuRouter interface, navigating to the Firmware section, selecting 'Update now,' choosing the latest firmware, and applying the update. Alternatively, you can manually download the latest firmware from the QNAP Download Center and apply it via the Firmware > Manual Update menu. [1]