QHora Weak Auth Vulnerability (QuRouter <2.6.2.007), fixed 2.6.2.007
CVE-2025-62844 Published on March 20, 2026

QuRouter
A weak authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to gain sensitive information. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later

NVD

Weakness Type

CWE-1390

Affected Versions

QNAP Systems Inc. QuRouter:

Version 2.6.x and below 2.6.2.007 is affected.

Exploit Probability

EPSS

0.03%

Percentile

7.11%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

QHora Weak Auth Vulnerability (QuRouter <2.6.2.007), fixed 2.6.2.007CVE-2025-62844 Published on March 20, 2026

Weakness Type

Affected Versions

Exploit Probability

QHora Weak Auth Vulnerability (QuRouter <2.6.2.007), fixed 2.6.2.007
CVE-2025-62844 Published on March 20, 2026