Security ID : QSA-25-25
Vulnerability in QuRouter
Release date : August 29, 2025
CVE identifier : CVE-2025-29887
Affected products: QuRouter 2.5.x
Severity
Important
Status
Resolved
Summary
A command injection vulnerability has been reported to affect QuRouter. If a remote attacker gains access to an administrator account, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following version:
| Affected Product | Fixed Version |
| QuRouter 2.5.x | QuRouter 2.5.1.060 and later |
Recommendation
For optimal security and performance, we recommend regularly updating QuRouter to the latest version, ensuring you receive all vulnerability fixes and new features. You can view the product support status to check for the latest updates available for your model.
Updating QuRouter
- Log in to QuRouter.
- Go to Firmware.
- Select Update now.
- Select Latest.
- Click Apply.
A confirmation message appears. - Click Apply.
QuRouter downloads and installs the latest firmware.
Tip: You can also download the latest firmware for your specific device from Download Center, and then perform a manual update in QuRouter by going to Firmware > Manual Update.
Attachment
Acknowledgements: Anonymous
Revision History:
V1.0 (August 29, 2025) - Published
