.jpg)
<
p style=”text-align: justify;”>According to VulnCheck, a critical vulnerability identified as CVE-2024-12856 has been discovered in Four-Faith industrial routers, specifically affecting the F3x24 and F3x36 models, as well as users’ machines. Evidence suggests active exploitation of this vulnerability in the wild, raising significant security concerns for industrial and enterprise users. The flaw resides in the router’s system time adjustment function, where a post-authentication vulnerability allows attackers to execute remote commands on compromised devices.
Technical Details of the Vulnerability
The routers, running firmware version 2.0, are susceptible to an authenticated remote command execution flaw via the HTTP endpoint apply.cgi. Attackers can manipulate the system time parameter using POST requests, enabling arbitrary command execution. Additionally, the firmware is configured with default credentials that, if left unchanged, can escalate the vulnerability to allow unauthenticated remote OS command injection.
Data provided by VulnCheck indicates that approximately 15,000 internet-facing routers may be affected by this issue. Exploitation campaigns have been observed since at least November 2024, with attackers altering system parameters remotely. The attacks appear to originate from multiple IP addresses and utilize Mirai-like payloads to compromise the devices. VulnCheck notes that some payloads share similarities with those used to exploit a prior vulnerability (CVE-2019-1216
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.