ZDI 2026-03-30

ZDI-26-244: (Pwn2Own) QNAP QHora-322 miro_webserver_controllers_api_login_singIn Authentication Bypass Vulnerability

CVE-2024-13088

Machine-generated analysis · WAYSCloud LLM

The vulnerability enables network-adjacent attackers to bypass authentication on QNAP QHora-322 routers without requiring credentials.

Context

The affected product is the QNAP QHora-322 router, specifically its miro_webserver_controllers_api_login_singIn functionality. The vulnerability is an authentication bypass that can be exploited by network-adjacent attackers. The advisory notes that no authentication is required to exploit the issue. A CVSS v3.1 score of 5.0 is assigned, indicating a moderate severity impact.

Operator considerations

Check: Identify QNAP QHora-322 routers in use that may be exposed to untrusted network-adjacent access.

From Zero Day Initiative ↗

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.0. The following CVEs are assigned: CVE-2024-13088.

Read the full advisory on ZDI →