Details of VAR-202506-2751

ID

VAR-202506-2751

CVE

CVE-2024-13088

TITLE

QNAP Systems of QuRouter Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-028326

DESCRIPTION

An improper authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QuRouter 2.5.0.140 and later. QNAP Systems of QuRouter There is an authentication vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. QNAP QHora is a router from Taiwan's QNAP Technology Co., Ltd. No detailed vulnerability details are currently available

Trust: 2.16

sources: NVD: CVE-2024-13088 // JVNDB: JVNDB-2024-028326 // CNVD: CNVD-2025-15408

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-15408

AFFECTED PRODUCTS

vendor:	qnap	model:	qurouter	scope:	eq	version:	2.4.0.190	Trust: 1.8
vendor:	qnap	model:	qurouter	scope:	eq	version:	2.4.5.032	Trust: 1.8
vendor:	qnap	model:	qurouter	scope:	eq	version:	2.4.1.634	Trust: 1.8
vendor:	qnap	model:	qurouter	scope:	eq	version:	2.4.1.172	Trust: 1.8
vendor:	qnap	model:	qurouter	scope:	eq	version:	2.4.6.028	Trust: 1.8
vendor:	qnap	model:	qurouter	scope:	eq	version:	2.4.3.103	Trust: 1.8
vendor:	qnap	model:	qurouter	scope:	eq	version:	2.4.2.317	Trust: 1.8
vendor:	qnap	model:	qurouter	scope:	eq	version:	2.4.4.106	Trust: 1.8
vendor:	qnap	model:	qurouter	scope:	eq	version:	2.4.2.538	Trust: 1.8
vendor:	qnap	model:	qurouter	scope:	eq	version:	-	Trust: 0.8
vendor:	qnap	model:	qurouter	scope:	-	version:	-	Trust: 0.8
vendor:	qnap	model:	qhora	scope:	lt	version:	2.5.0.140	Trust: 0.6

sources: CNVD: CNVD-2025-15408 // JVNDB: JVNDB-2024-028326 // NVD: CVE-2024-13088

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-13088
value:	HIGH
Trust: 1.0
security@qnapsecurity.com.tw:	CVE-2024-13088
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2024-13088
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-15408
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-15408
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:L/AC:L/AU:N/C:C/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2024-13088
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2024-13088
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-15408 // JVNDB: JVNDB-2024-028326 // NVD: CVE-2024-13088 // NVD: CVE-2024-13088

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-028326 // NVD: CVE-2024-13088

PATCH

title:

Patch for QNAP QHora Authorization Issue Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/706246

Trust: 0.6

sources: CNVD: CNVD-2025-15408

EXTERNAL IDS

db:	NVD	id:	CVE-2024-13088	Trust: 3.2
db:	JVNDB	id:	JVNDB-2024-028326	Trust: 0.8
db:	CNVD	id:	CNVD-2025-15408	Trust: 0.6

sources: CNVD: CNVD-2025-15408 // JVNDB: JVNDB-2024-028326 // NVD: CVE-2024-13088

REFERENCES

url:	https://www.qnap.com/en/security-advisory/qsa-25-15	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-13088	Trust: 1.4

sources: CNVD: CNVD-2025-15408 // JVNDB: JVNDB-2024-028326 // NVD: CVE-2024-13088

SOURCES

db:	CNVD	id:	CNVD-2025-15408
db:	JVNDB	id:	JVNDB-2024-028326
db:	NVD	id:	CVE-2024-13088

LAST UPDATE DATE

2025-10-04T23:24:17.994000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-15408	date:	2025-07-10T00:00:00
db:	JVNDB	id:	JVNDB-2024-028326	date:	2025-10-02T08:57:00
db:	NVD	id:	CVE-2024-13088	date:	2025-09-24T20:32:05.373

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-15408	date:	2025-07-08T00:00:00
db:	JVNDB	id:	JVNDB-2024-028326	date:	2025-10-02T00:00:00
db:	NVD	id:	CVE-2024-13088	date:	2025-06-06T16:15:23.323