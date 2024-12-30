Network Security, Endpoint/Device Security, Firewalls, Routers

Thousands of vulnerable Four-Faith routers threatened by ongoing intrusions

WiFi router

(Adobe Stock)

More than 15,000 internet-exposed Four-Faith F3x24 and F3x36 routers could potentially be compromised in ongoing intrusions exploiting the high-severity operating system command injection flaw, tracked as CVE-2024-12856, according to The Hacker News.

Attacks against the vulnerable routers have been conducted from the same IP address previously leveraged to exploit the Four-Faith remote code execution vulnerability, tracked as CVE-2019-12168, with the new issue then used to deploy a reverse shell to ensure persistence and prompt unauthenticated OS command execution, a report from VulnCheck revealed.

"The attack can be conducted against, at least, the Four-Faith F3x24 and F3x36 over HTTP using the /apply.cgi endpoint. The systems are vulnerable to OS command injection in the adj_time_year parameter when modifying the device's system time via submit_type=adjust_sys_time," said VulnCheck researcher Jacob Baines.

While the issue has already been reported, Four-Faith has yet to provide fixes for the vulnerability, noted VulnCheck.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Related

Impact of Japan Airlines cyberattack downplayed amid recovery

Operations at Japan Airlines, the country's flag carrier, have resumed after the successful restoration of systems as a result of a distributed denial-of-service attack on Thursday, which led to the interruption of some flights, same-day departure ticket sales, and other services, reports The Record, a news site by cybersecurity firm Recorded Future.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Anti-MalwareBastion HostBorder Gateway Protocol (BGP)BroadcastCellCircuit Switched NetworkCut-ThroughDatagramDecapsulationReflexive ACLs (Cisco)

You can skip this ad in 5 seconds