AI description
CVE-2025-62843 is an improper restriction of communication channel to intended endpoints vulnerability that affects QNAP QHora devices. This flaw allows an attacker who has gained physical access to the device to exploit it and obtain privileges that were intended for other endpoints, effectively bypassing existing controls. This vulnerability was one of four security defects (CVE-2025-62843 to CVE-2025-62846) impacting QNAP's SD-WAN routers that were demonstrated at Pwn2Own Ireland 2025. QNAP has since addressed this issue in QuRouter version 2.6.3.009 and later.
- Description
- An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint. We have already fixed the vulnerability in the following version: QuRouter 2.6.3.009 and later
- Source
- security@qnapsecurity.com.tw
- NVD status
- Analyzed
- Products
- qurouter
CVSS 4.0
- Type
- Secondary
- Base score
- 0.9
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- LOW
CVSS 3.1
- Type
- Primary
- Base score
- 6.8
- Impact score
- 5.9
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
- security@qnapsecurity.com.tw
- CWE-923
- Hype score
- Not currently trending
QNAP patches vulnerabilities CVE-2025-62843 to CVE-2025-62846 https://t.co/JIbGqsYZAO via @HostingTech https://t.co/g75JBxNaqm
@HostingTechNet
29 Mar 2026
178 Impressions
0 Retweets
12 Likes
0 Bookmarks
0 Replies
0 Quotes
QNAP patches four SD-WAN router flaws (CVE-2025-62843 through 62846) chained at Pwn2Own Ireland for root access - earned Team DDOS $100K. Update QuRouter to 2.6.3.009. Physical, LAN, and authenticated vectors all covered. https://t.co/vVhV5O7ZT5 #infosec #QNAP #Pwn2Own
@CyberDaily_News
24 Mar 2026
105 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
QNAPがSD-WANルータの脆弱性4件を修正。CVE-2025-62843からCVE-2025-62846。ハッキングコンテストPwn2Own 2025で悪用されたもの。 https://t.co/95unZS30oM
@__kokumoto
23 Mar 2026
813 Impressions
2 Retweets
2 Likes
4 Bookmarks
0 Replies
0 Quotes
QNAP patches critical vulnerabilities including four SD-WAN router bugs showcased at Pwn2Own Ireland 2025 (CVE-2025-62843 to CVE-2025-62846). Fixes cover QuNetSwitch and QVR Pro. #QNAPSecurity #SDWAN #Ireland https://t.co/TsZcYIHdes
@TweetThreatNews
23 Mar 2026
148 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨*CVE* CVE-2025-62843 An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can… https://t.co/yM6d499H7d ----- Traducción: CVE-2025-62843 Una… https://t.co/utmtNg
@infoflowcloud
22 Mar 2026
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-62843 An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can… https://t.co/ART9nmRY1a
@CVEnew
22 Mar 2026
121 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qnap:qurouter:2.6.0.239:build_20250625:*:*:*:*:*:*",
"matchCriteriaId": "6BEA7459-EA28-4A5F-ABB4-F00661760FA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qurouter:2.6.0.688:build_20250818:*:*:*:*:*:*",
"matchCriteriaId": "71BB01EA-6A7B-46CF-A2F7-41DDBA5A17ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qurouter:2.6.1.028:build_20251001:*:*:*:*:*:*",
"matchCriteriaId": "F61A82A3-3A3E-42B6-B7F6-B5FAF37CCC80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:qnap:qurouter:2.6.2.007:build_20251027:*:*:*:*:*:*",
"matchCriteriaId": "DC28FAFD-B2EB-4DB5-B438-A439D4305A5F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]