Multiple Vulnerabilities in QuRouter (PWN2OWN 2025)

Summary

Multiple vulnerabilities have been reported to affect QHora.

• CVE-2025-62843: If an attacker gains physical access, they can then exploit the improper restriction of communication channel to intended endpoints vulnerability to gain the privileges that were intended for the original endpoint.
• CVE-2025-62844: If an attacker gains local network access, they can then exploit the weak authentication vulnerability to gain sensitive information.
• CVE-2025-62846: If a local attacker gains an administrator account, they can then exploit the SQL injection vulnerability to execute unauthorized code or commands.
• CVE-2025-62845: If a local attacker gains an administrator account, they can then exploit the improper neutralization of escape, meta, or control sequences vulnerability to cause unexpected behavior.

We have already fixed these vulnerabilities in the following version:

Recommendation

For optimal security and performance, we recommend regularly updating QuRouter to the latest version, ensuring you receive all vulnerability fixes and new features. You can view the product support status to check for the latest updates available for your model.

Updating QuRouter

1. Log in to QuRouter.
2. Go to Firmware.
3. Select Update now.
4. Select Latest.
5. Click Apply.
   A confirmation message appears.
6. Click Apply.
   QuRouter downloads and installs the latest firmware.

Tip: You can also download the latest firmware for your specific device from Download Center, and then perform a manual update in QuRouter by going to Firmware > Manual Update.