安全ID : QSA-25-15
Multiple Vulnerabilities in QuRouter
发布日期 : June 7, 2025
通用漏洞披露 : CVE-2024-13087 | CVE-2024-13088
受影响产品: QuRouter 2.4.x, 2.5.x
严重程度
Moderate
状态
已解决
Summary
Multiple vulnerabilities have been reported to affect QuRouter:
- CVE-2024-13087: Command injection vulnerability
If an attacker gains access to the local network and also to an administrator account, they can then exploit the vulnerability to execute arbitrary commands. - CVE-2024-13088: Improper authentication vulnerability
If an attacker gains local network access, they can then exploit the vulnerability to compromise the security of the system.
We have already fixed the vulnerabilities in the following version:
| Affected Product | Fixed Version |
| QuRouter 2.4.x and 2.5.x | QuRouter 2.5.0.140 and later |
Recommendation
For optimal security and performance, we recommend regularly updating QuRouter to the latest version, ensuring you receive all vulnerability fixes and new features. You can view the product support status to check for the latest updates available for your model.
Updating QuRouter
- Log in to QuRouter.
- Go to Firmware.
- Select Update now.
- Select Latest.
- Click Apply.
A confirmation message appears. - Click Apply.
QuRouter downloads and installs the latest firmware.
Tip: You can also download the latest firmware for your specific device from Download Center, and then perform a manual update in QuRouter by going to Firmware > Manual Update.
附件
致谢: nella17 (@nella17tw), working with DEVCORE Internship Program, and DEVCORE Research Team working with Trend Micro Zero Day Initiative
修订历史:
V1.0 (June 07, 2025) - Published
