
"The first bug requires physical access to a vulnerable device to gain specific privileges, while the second flaw could be exploited over the local network to obtain sensitive information."
"The last two weaknesses can be exploited by attackers with administrative privileges to cause unexpected device behavior or execute unauthorized code or commands."
"QNAP rolled out fixes for two of the demonstrated flaws, namely CVE-2025-62840 and CVE-2025-62842, less than three weeks after the competition."
"Another critical issue QNAP warned about is a missing authentication in QVR Pro that could provide remote attackers with access to vulnerable systems."
QNAP announced patches for several vulnerabilities, including four critical issues affecting its SD-WAN routers, identified during the Pwn2Own Ireland contest. These vulnerabilities, tracked as CVE-2025-62843 to CVE-2025-62846, require physical access or administrative privileges for exploitation. QNAP also addressed additional vulnerabilities in QuNetSwitch and QVR Pro, which could lead to unauthorized access and arbitrary code execution. Users are urged to update their systems to the latest versions to mitigate these risks.
Read at SecurityWeek