ID

VAR-202506-2751


CVE

CVE-2024-13088


TITLE

Authentication vulnerability in QNAP Systems QuRouter

Trust: 0.8

sources: JVNDB: JVNDB-2024-028326

DESCRIPTION

An improper authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QuRouter 2.5.0.140 and later.

QNAP Systems QuRouter contains an authentication vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS).

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the miro_webserver_controllers_api_login_singIn function. The issue results from allowing a user to authenticate using an arbitrary QCloud account.

QNAP QHora is a router from Taiwan's QNAP Technology Co., Ltd. No detailed vulnerability information is currently available.

Trust: 2.79

sources: NVD: CVE-2024-13088 // JVNDB: JVNDB-2024-028326 // ZDI: ZDI-26-244 // CNVD: CNVD-2025-15408

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-15408

AFFECTED PRODUCTS

vendor: qnap, model: qurouter, scope: eq, version: 2.4.0.190

Trust: 1.8

vendor: qnap, model: qurouter, scope: eq, version: 2.4.5.032

Trust: 1.8

vendor: qnap, model: qurouter, scope: eq, version: 2.4.1.634

Trust: 1.8

vendor: qnap, model: qurouter, scope: eq, version: 2.4.1.172

Trust: 1.8

vendor: qnap, model: qurouter, scope: eq, version: 2.4.6.028

Trust: 1.8

vendor: qnap, model: qurouter, scope: eq, version: 2.4.3.103

Trust: 1.8

vendor: qnap, model: qurouter, scope: eq, version: 2.4.2.317

Trust: 1.8

vendor: qnap, model: qurouter, scope: eq, version: 2.4.4.106

Trust: 1.8

vendor: qnap, model: qurouter, scope: eq, version: 2.4.2.538

Trust: 1.8

vendor: qnap, model: qurouter, scope: eq, version: -

Trust: 0.8

vendor: qnap, model: qurouter, scope: -, version: -

Trust: 0.8

vendor: qnap, model: qhora-322, scope: -, version: -

Trust: 0.7

vendor: qnap, model: qhora, scope: lt, version: 2.5.0.140

Trust: 0.6

sources: ZDI: ZDI-26-244 // CNVD: CNVD-2025-15408 // JVNDB: JVNDB-2024-028326 // NVD: CVE-2024-13088

CVSS

SEVERITY

nvd@nist.gov: CVE-2024-13088
value: HIGH

Trust: 1.0

security@qnapsecurity.com.tw: CVE-2024-13088
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-13088
value: HIGH

Trust: 0.8

ZDI: CVE-2024-13088
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2025-15408
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2025-15408
severity: MEDIUM
baseScore: 6.1
vectorString: AV:L/AC:L/AU:N/C:C/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2024-13088
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-13088
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2024-13088
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.6
impactScore: 3.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-26-244 // CNVD: CNVD-2025-15408 // JVNDB: JVNDB-2024-028326 // NVD: CVE-2024-13088 // NVD: CVE-2024-13088

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.0

problemtype: Inappropriate authentication (CWE-287) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-028326 // NVD: CVE-2024-13088

PATCH

title: QNAP has issued an update to correct this vulnerability.
url: https://www.qnap.com/en/security-advisory/qsa-25-15

Trust: 0.7

title: Patch for QNAP QHora Authorization Issue Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/706246

Trust: 0.6

sources: ZDI: ZDI-26-244 // CNVD: CNVD-2025-15408

EXTERNAL IDS

db: NVD, id: CVE-2024-13088

Trust: 3.9

db: JVNDB, id: JVNDB-2024-028326

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-25846

Trust: 0.7

db: ZDI, id: ZDI-26-244

Trust: 0.7

db: CNVD, id: CNVD-2025-15408

Trust: 0.6

sources: ZDI: ZDI-26-244 // CNVD: CNVD-2025-15408 // JVNDB: JVNDB-2024-028326 // NVD: CVE-2024-13088

REFERENCES

url: https://www.qnap.com/en/security-advisory/qsa-25-15

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2024-13088

Trust: 1.4

sources: ZDI: ZDI-26-244 // CNVD: CNVD-2025-15408 // JVNDB: JVNDB-2024-028326 // NVD: CVE-2024-13088

CREDITS

nella17 (@nella17tw), working with DEVCORE Internship Program, and DEVCORE Research Team

Trust: 0.7

sources: ZDI: ZDI-26-244

SOURCES

db: ZDI, id: ZDI-26-244
db: CNVD, id: CNVD-2025-15408
db: JVNDB, id: JVNDB-2024-028326
db: NVD, id: CVE-2024-13088

LAST UPDATE DATE

2026-04-02T23:30:12.816000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-26-244, date: 2026-03-30T00:00:00
db: CNVD, id: CNVD-2025-15408, date: 2025-07-10T00:00:00
db: JVNDB, id: JVNDB-2024-028326, date: 2025-10-02T08:57:00
db: NVD, id: CVE-2024-13088, date: 2025-09-24T20:32:05.373

SOURCES RELEASE DATE

db: ZDI, id: ZDI-26-244, date: 2026-03-30T00:00:00
db: CNVD, id: CNVD-2025-15408, date: 2025-07-08T00:00:00
db: JVNDB, id: JVNDB-2024-028326, date: 2025-10-02T00:00:00
db: NVD, id: CVE-2024-13088, date: 2025-06-06T16:15:23.323