CyberSecurity news


@cyberscoop.com - 60d
A critical vulnerability, designated CVE-2024-12856, has been discovered in Four-Faith routers, specifically models F3x24 and F3x36, enabling remote code execution. The flaw resides in the `/apply.cgi` endpoint, where manipulation of the `adj_time_year` parameter allows attackers to inject malicious commands and gain unauthorized access. The vulnerability is post-authentication, but attackers have been satisfying that requirement with the routers' default credentials and then using the injection to open reverse shells back to their systems. Over 15,000 devices are estimated to be at high risk because of default credential use and internet exposure.

Exploitation of this vulnerability poses a serious threat: it can lead to malware installation, data theft, and significant network disruption. Observed attack attempts have been linked to a Mirai malware variant, suggesting a targeted campaign. Users of affected Four-Faith routers are urged to update to the latest firmware immediately and to enforce strong password policies. VulnCheck has also published a Suricata rule that helps identify devices already affected.
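The article names the endpoint and the parameter that carry the injection, which is enough to build a simple request-level detector. The following is an added example written for this page; it is not the article's content and is unrelated to VulnCheck's Suricata rule. It assumes you have request records (for example exported from a reverse proxy or a packet capture in front of the router) that include the method, the path and, for POSTs, the form body; the record format, the sample records and the `PLACEHOLDER` token are all constructed for illustration. The logic is defensive: a year field should only ever contain four digits, so any shell metacharacter in `adj_time_year` on `/apply.cgi` is treated as an alert and any other non-numeric value as worth a manual look.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint and parameter named in the CVE-2024-12856 advisory coverage above.
WATCHED_ENDPOINT = "/apply.cgi"
WATCHED_PARAM = "adj_time_year"

# A legitimate time-adjustment year is exactly four digits.
YEAR_RE = re.compile(r"^\d{4}$")

# Characters that have no place in a numeric field but are meaningful to a shell.
SHELL_META = set(";|&`$()<>\n")


def extract_params(path: str, body: str) -> dict:
    """Merge query-string and form-body parameters into one name -> [values] dict.

    parse_qs percent-decodes values, so an encoded %3B arrives here as ';'.
    """
    merged = parse_qs(urlsplit(path).query, keep_blank_values=True)
    for name, values in parse_qs(body, keep_blank_values=True).items():
        merged.setdefault(name, []).extend(values)
    return merged


def classify_request(method: str, path: str, body: str) -> str:
    """Return 'ignore', 'benign', 'review' or 'alert' for one HTTP request.

    ignore : not the watched endpoint
    benign : watched endpoint, parameter absent or a plain four-digit year
    review : parameter present but not a four-digit year, no shell metacharacters
    alert  : parameter contains shell metacharacters (command-injection signature)
    """
    if urlsplit(path).path != WATCHED_ENDPOINT:
        return "ignore"
    values = extract_params(path, body).get(WATCHED_PARAM, [])
    verdict = "benign"
    for value in values:
        if YEAR_RE.match(value):
            continue
        if any(ch in SHELL_META for ch in value):
            return "alert"          # worst case wins immediately
        verdict = "review"          # odd but not obviously hostile; keep looking
    return verdict


def scan_records(records: list) -> list:
    """Classify a batch of request records; returns (index, verdict) pairs."""
    return [
        (i, classify_request(r["method"], r["path"], r.get("body", "")))
        for i, r in enumerate(records)
    ]


# Constructed sample records (not real traffic). The third one carries an
# encoded ';' followed by an inert PLACEHOLDER token: the metacharacter,
# not the token after it, is what the detector keys on.
SAMPLE_RECORDS = [
    {"method": "GET", "path": "/index.html", "body": ""},
    {"method": "POST", "path": "/apply.cgi",
     "body": "adj_time_year=2024&adj_time_month=12"},
    {"method": "POST", "path": "/apply.cgi",
     "body": "adj_time_year=2024%3BPLACEHOLDER&adj_time_month=12"},
    {"method": "POST", "path": "/apply.cgi", "body": "adj_time_year=24"},
    {"method": "GET", "path": "/apply.cgi?adj_time_year=2024", "body": ""},
]


if __name__ == "__main__":
    for index, verdict in scan_records(SAMPLE_RECORDS):
        rec = SAMPLE_RECORDS[index]
        print(f"{verdict:7} {rec['method']} {rec['path']} {rec.get('body', '')}")
```

In practice you would feed `scan_records` from whatever produces your request records and forward every `alert` (and, at lower priority, every `review`) to your SIEM; because the check is anchored on the year field's expected format rather than on any particular payload, it does not need updating when the attacker changes what follows the metacharacter.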



References:
  • ciso2ciso.com: Threat actors attempt to exploit a flaw in Four-Faith routers – Source: securityaffairs.com
  • Cyber Security News: Four-Faith Routers Hacked: Remote Access Vulnerability Exploited
  • gbhackers.com: GBHackers article on Four-Faith industrial routers vulnerability exploited in the wild to gain remote access.
  • www.bleepingcomputer.com: Threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open reverse shells back to the attackers.
  • BleepingComputer: Threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open reverse shells back to the attackers.
  • Pyrzout :vm:: Critical Flaw Exposes Four-Faith Routers to Remote Exploitation – Source: hackread.com
  • ciso2ciso.com: Critical Flaw Exposes Four-Faith Routers to Remote Exploitation – Source: hackread.com
  • cyberscoop.com: Thousands of industrial routers vulnerable to command injection flaw
  • cyberpress.org: Four-Faith Routers Hacked: Remote Access Vulnerability Exploited
  • Threats | CyberScoop: Thousands of industrial routers vulnerable to command injection flaw
Classification:
  • HashTags: #RouterVulnerability #RemoteCodeExecution #IoTsecurity
  • Company: Four-Faith
  • Target: Four-Faith Routers
  • Attacker: none
  • Product: Four-Faith Routers
  • Feature: remote code execution
  • Malware: CVE-2024-12856
  • Type: Vulnerability
  • Severity: Major