Four-Faith Routers Exploited Using New Flaw

Attackers Exploiting OS Command Injection Vulnerability Prajeet Nair (@prajeetspeaks) • December 30, 2024

Hackers are exploiting a high-severity command injection vulnerability in Chinese-manufactured Four-Faith industrial routers.

See Also: The State of OT Security: A Comprehensive Guide to Trends, Risks, and Cyber Resilience

The vulnerability, tracked as CVE-2024-12856, affects F3x24 and F3x36 router models. It allows remote command execution through the router's default credentials, potentially compromising thousands of devices, according to a report by VulnCheck.

Typical customers of Four-Faith use the routers for remote monitoring, control systems, supervisory control and data acquisition networks. Customers include industrial automation, factories and manufacturing plants, power grids, renewable energy plants, water utilities, and transportation and logistics for fleet management and vehicle tracking for real-time data transmission.

The vulnerability, with a CVSS score of 7.2, resides in the /apply.cgi endpoint, where attackers can exploit the adj_time_year ...