CVE-2024-13087— QHora

EPSS 0.07% · P22 Updated Jun 07, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-13087

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

QHora

Source: NVD (National Vulnerability Database)

Vulnerability Description

A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.6.028 and later

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

QNAP QHora 操作系统命令注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

QNAP QHora是中国台湾威联通科技（QNAP）公司的一款路由器。 QNAP QHora存在操作系统命令注入漏洞，该漏洞源于命令注入，可能导致执行任意代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
QNAP Systems Inc.	QuRouter	2.4.x ~ 2.4.6.028	-

II. Public POCs for CVE-2024-13087

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-13087

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2024-13087

Same Patch Batch · QNAP Systems Inc. · 2025-06-06 · 21 CVEs total

CVE-2025-22484		File Station 5
CVE-2025-33035		File Station 5
CVE-2025-33031		File Station 5
CVE-2025-30279		File Station 5
CVE-2025-29877		File Station 5
CVE-2025-29876		File Station 5
CVE-2025-29873		File Station 5
CVE-2025-29872		File Station 5
CVE-2025-29871		File Station 5
CVE-2025-22490		File Station 5
CVE-2025-29885		File Station 5
CVE-2024-13088		QHora
CVE-2024-56805		QTS, QuTS hero
CVE-2025-22481		QTS, QuTS hero
CVE-2024-50406		License Center
CVE-2025-22482		Qsync Central
CVE-2025-29892		Qsync Central
CVE-2025-22486		File Station 5
CVE-2025-29883		File Station 5
CVE-2025-29884		File Station 5

IV. Related Vulnerabilities

Same product: QuRouter

Same vendor: QNAP Systems Inc.

Same weakness: CWE-78

V. Comments for CVE-2024-13087

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-13087— QHora

I. Basic Information for CVE-2024-13087

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-13087

III. Intelligence Information for CVE-2024-13087

Same Patch Batch · QNAP Systems Inc. · 2025-06-06 · 21 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-13087

Leave a comment