- Description
- An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability to gain the privileges that were intended for the original endpoint. We have already fixed the vulnerability in the following version: QuRouter 2.6.3.009 and later
- Source
- security@qnapsecurity.com.tw
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 0.9
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- LOW
- security@qnapsecurity.com.tw
- CWE-923
- Hype score
- Not currently trending
QNAP patches vulnerabilities CVE-2025-62843 to CVE-2025-62846 https://t.co/JIbGqsYZAO via @HostingTech https://t.co/g75JBxNaqm
@HostingTechNet
29 Mar 2026
89 Impressions
0 Retweets
12 Likes
0 Bookmarks
0 Replies
0 Quotes
QNAP patches four SD-WAN router flaws (CVE-2025-62843 through 62846) chained at Pwn2Own Ireland for root access - earned Team DDOS $100K. Update QuRouter to 2.6.3.009. Physical, LAN, and authenticated vectors all covered. https://t.co/vVhV5O7ZT5 #infosec #QNAP #Pwn2Own
@CyberDaily_News
24 Mar 2026
105 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
QNAPがSD-WANルータの脆弱性4件を修正。CVE-2025-62843からCVE-2025-62846。ハッキングコンテストPwn2Own 2025で悪用されたもの。 https://t.co/95unZS30oM
@__kokumoto
23 Mar 2026
813 Impressions
2 Retweets
2 Likes
4 Bookmarks
0 Replies
0 Quotes
QNAP patches critical vulnerabilities including four SD-WAN router bugs showcased at Pwn2Own Ireland 2025 (CVE-2025-62843 to CVE-2025-62846). Fixes cover QuNetSwitch and QVR Pro. #QNAPSecurity #SDWAN #Ireland https://t.co/TsZcYIHdes
@TweetThreatNews
23 Mar 2026
148 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨*CVE* CVE-2025-62843 An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can… https://t.co/yM6d499H7d ----- Traducción: CVE-2025-62843 Una… https://t.co/utmtNg
@infoflowcloud
22 Mar 2026
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-62843 An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can… https://t.co/ART9nmRY1a
@CVEnew
22 Mar 2026
121 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes