Device type
Router coverage starts with official advisories, controller release notes, and download destinations that make upgrade decisions faster.
This page is grounded in the current research notes and official-source dataset, then organized into a cleaner public landing page. Zyxel now joins the router lane because its advisories expose fixed trains and model download paths clearly enough to be useful, and QNAP now belongs here too because QuRouter/QHora advisories give router-specific fixed versions from official vendor sources.
| Vendor | Update | Fixed version(s) | Published | Source |
|---|---|---|---|---|
| QNAP QHora / QuRouter 2.6.x | QSA-26-12 Multiple Vulnerabilities in QuRouter (PWN2OWN 2025) QNAP published an official QuRouter security advisory for QHora devices after PWN2OWN 2025, listing four vulnerabilities and a fixed router firmware baseline of QuRouter 2.6.3.009 or later. | QuRouter 2.6.3.009 and later | 2026-03-21 | Official source ↗ |
| Zyxel SCR 50AXE security router | Zyxel SCR 50AXE security router multi-CVE firmware update Zyxel published an official firmware advisory that includes the SCR 50AXE security router, with the router patch table moving affected firmware 1.20(ACGN.0)C0 and earlier to fixed version 1.30(ACGN.0)C0. | SCR 50AXE 1.30(ACGN.0)C0 | 2026-02-24 | Official source ↗ |
| Synology SRM / Safe Access | Synology-SA-25:11 Safe Access Safe Access for SRM 1.3 received a security update for a vulnerability that could allow remote authenticated administrator-level users to read or write limited files. | 1.3.1-0329 or above | 2025-09-16 | Official source ↗ |
| Synology SRM / RADIUS Server | Synology-SA-25:10 RADIUS Server RADIUS Server for SRM 1.3 received a fix for an XSS issue that could let remote authenticated administrator-level users read or write limited files and conduct limited DoS. | 3.0.27-0139 or above | 2025-08-29 | Official source ↗ |
| TP-Link Omada SDN Controller | Omada SDN Controller v5.15.20 pre-release Official controller release notes include a security hardening item: forcibly redirecting HTTP requests and responses to HTTPS to reduce potential security risk. | Omada SDN Controller v5.15.20.x | 2025-03-20 | Official source ↗ |
| Synology SRM | Synology-SA-25:04 SRM Multiple path traversal issues in SRM 1.3 allowed remote authenticated users to read metadata or read/write limited files. | SRM 1.3.1-9346-13 or above | 2025-03-14 | Official source ↗ |