FlagThis

A critical vulnerability, CVE-2024-12856, has been discovered in Four-Faith routers, models F3x24 and F3x36, allowing for remote code execution. The vulnerability, located in the /apply.cgi endpoint, can be exploited by manipulating the adj_time_year parameter. This flaw allows attackers to gain reverse shells on vulnerable devices, potentially leading to malware installation, data theft, and significant network disruptions. Over 15,000 devices with default credentials have been identified as being at high risk, emphasizing the urgent need for remediation.

Threat actors are actively exploiting this vulnerability to gain unauthorized access. Users of Four-Faith routers are strongly advised to update their devices to the latest firmware and implement strong password policies immediately. The vulnerability poses a serious threat to industrial networks and critical infrastructure relying on these devices.

Multiple botnets, including FICORA (Mirai variant) and CAPSAICIN (Kaiten variant), are actively exploiting known vulnerabilities in older D-Link routers to conduct DDoS attacks and propagate malware. These botnets target vulnerabilities in the HNAP interface, allowing remote attackers to execute malicious commands. The ongoing attacks highlight the persistent risks associated with outdated and unpatched devices, emphasizing the need for users to update or replace vulnerable equipment immediately.

Juniper Networks has issued a warning regarding the Mirai botnet exploiting Session Smart Routers (SSR) due to unchanged default passwords. The Mirai botnet is actively targeting these devices, which could lead to significant security breaches. It is crucial for Juniper SSR users to immediately change the default password to prevent infection and secure their systems against this threat. This highlights the critical importance of strong password hygiene.