Details of VAR-202506-2751

ID

VAR-202506-2751

CVE

CVE-2024-13088

TITLE

QNAP QHora Authorization Issue Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-15408

DESCRIPTION

An improper authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QuRouter 2.5.0.140 and later. QNAP QHora is a router from Taiwan's QNAP Technology Co., Ltd. No detailed vulnerability details are currently available

Trust: 1.44

sources: NVD: CVE-2024-13088 // CNVD: CNVD-2025-15408

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-15408

AFFECTED PRODUCTS

vendor:

qnap

model:

qhora

scope:

version:

2.5.0.140

Trust: 0.6

sources: CNVD: CNVD-2025-15408

CVSS

SEVERITY

CVSSV2

CVSSV3

security@qnapsecurity.com.tw:	CVE-2024-13088
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2025-15408
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2025-15408
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:L/AC:L/AU:N/C:C/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2025-15408 // NVD: CVE-2024-13088

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.0

sources: NVD: CVE-2024-13088

PATCH

title:

Patch for QNAP QHora Authorization Issue Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/706246

Trust: 0.6

sources: CNVD: CNVD-2025-15408

EXTERNAL IDS

db:	NVD	id:	CVE-2024-13088	Trust: 1.6
db:	CNVD	id:	CNVD-2025-15408	Trust: 0.6

sources: CNVD: CNVD-2025-15408 // NVD: CVE-2024-13088

REFERENCES

url:	https://www.qnap.com/en/security-advisory/qsa-25-15	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-13088	Trust: 0.6

sources: CNVD: CNVD-2025-15408 // NVD: CVE-2024-13088

SOURCES

db:	CNVD	id:	CNVD-2025-15408
db:	NVD	id:	CVE-2024-13088

LAST UPDATE DATE

2025-07-12T23:23:24.155000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-15408	date:	2025-07-10T00:00:00
db:	NVD	id:	CVE-2024-13088	date:	2025-06-09T12:15:47.880

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-15408	date:	2025-07-08T00:00:00
db:	NVD	id:	CVE-2024-13088	date:	2025-06-06T16:15:23.323