Main Vulnerability Database Vulnerabilities #VU124215

#VU124215 Improper restriction of communication channel to intended endpoints in QuRouter - CVE-2025-62843

Published: March 23, 2026

Vulnerability identifier: #VU124215

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-62843

CWE-ID: CWE-923

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
QuRouter

Software vendor:
QNAP Systems, Inc.

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to improper restriction of communication channel to intended endpoints. An attacker with physical access can gain elevated privileges on the target system.

Remediation

Install updates from vendor's website.

External links

https://www.qnap.com/en/security-advisory/qsa-26-12

#VU124215 Improper restriction of communication channel to intended endpoints in QuRouter - CVE-2025-62843

Description

Remediation

External links

Please verify you're human