This vulnerability allows network-adjacent attackers to bypass firewall rules on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2025-62843.
ZDI-26-237: (Pwn2Own) QNAP QHora-322 ip6_wanifset Improper Restriction of Communication Channel to Intended Endpoints Firewall Bypass Vulnerability
Inhalt
Verknuepfte CVEs
| CVE-ID | CVE-Schwere | CVSS (CVE.org) | EPSS | EPSS-Pctl | Veroeffentlicht (CVE.org) |
|---|---|---|---|---|---|
| LOW | 0.9 | - | - | 2026-03-20 |
Quellen-Details
| Bezeichnung | Name | Kategorie | Tags | Zielgruppe | Sprache | Feed-URL |
|---|---|---|---|---|---|---|
| Zero Day Initiative (Published) | threat_intel | - | de | https://www.zerodayinitiative.com/rss/published/ |