Every CVE whose affected-product data names Qnap Qurouter, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2024-50390 — CVSS 9.8 (critical): A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers to…
CVE-2024-48860 — CVSS 9.8 (critical): An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow…
CVE-2024-50389 — CVSS 9.8 (critical): A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject…
CVE-2024-13088 — CVSS 7.8 (high): An improper authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then…
CVE-2024-48861 — CVSS 7.8 (high): An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow…
CVE-2025-29887 — CVSS 7.2 (high): A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can…
CVE-2024-53700 — CVSS 7.2 (high): A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers who have…
CVE-2025-62843 — CVSS 6.8 (medium): An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker…
CVE-2025-62846 — CVSS 6.7 (medium): An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit…
CVE-2024-13087 — CVSS 6.7 (medium): A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have also gained an…
CVE-2025-62845 — CVSS 6.7 (medium): An improper neutralization of escape, meta, or control sequences vulnerability has been reported to affect QHora. If a local attacker gains…
CVE-2025-62844 — CVSS 5.5 (medium): A weak authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the…