Four-Faith Industrial Router Vulnerability Exploited in Attacks

Threat actors are exploiting a command injection vulnerability in Four-Faith industrial routers to deploy a reverse shell.

Threat actors have been observed exploiting a vulnerability in Four-Faith industrial routers to deploy a reverse shell, vulnerability intelligence company VulnCheck warns.

The exploited flaw, tracked as CVE-2024-12856 (CVSS score of 7.2), is described as an OS command injection issue that can be exploited remotely but requires authentication.

Affected devices include the Four-Faith router models F3x24 and F3x36 running firmware version 2.0, which was also found to include default credentials that can be used to gain unauthenticated remote command injection.

“At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi,” a NIST advisory reads.

“Additionally, this firmware version has default credentials which, if not changed, would effectively change this vulnerability into an unauthenticated and remote ...