CVE-2024-12856

Dependent-Fishing630

15,000+Four-FaithRoutersExposedtoNewExploit-RisquesetRecommandations

Dependent-Fishing630

15,000+RouteursFour-FaithexposésàuneNouvelleExploitationenraisondesIdentifiantsparDéfaut

the_yellow_fall

Four-Faith Industrial Routers Under Attack: CVE-2024-12856 Exploited in the Wild Vulnerability alert: Four-Faith routers vulnerable to CVE-2024-12856. Find out how attackers can exploit this flaw for RCE

the_yellow_fall

FortiGuard Labs exposes RondoDox, a stealthy botnet exploiting critical flaws (CVE-2024-3721, CVE-2024-12856) in TBK DVRs & Four-Faith routers to launch sophisticated DDoS attacks. #RondoDox #BotnetAlert #DDoSAttack #Cybersecurity #IoTsecurity

archie_sham

disrupting firewall protection. The issue impacts devices with DNS Security logging enabled and has been patched in versions PAN-OS 10.1.14-h8, 10.2.10-h12, 11.1.5, and 11.2.3. A high-severity OS command injection vulnerability (CVE-2024-12856)

securityRSS

15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials: https://t.co/HhFBYAbWOz A high-severity vulnerability, CVE-2024-12856 (CVSS score: 7.2), affects Four-Faith routers F3x24 and F3x36, allowing OS command injection if default credentials are not changed. Exploitation has been observed using these credentials to establish a reverse shell for remote access. Over 15,000 devices are exposed, with attacks possibly ongoing since early November 2024. No patches are currently available; the flaw was reported to Four-Faith on December 20, 2024. Source: The Hacker News

transilienceai

FortiGuard Labs recently uncovered RondoDox, a new botnet that exploits two critical vulnerabilities: CVE-2024-3721 and CVE-2024-12856. These vulnerabilities affect TBK DVR devices and Four-Faith routers, respectively. RondoDox leverages these security flaws to infiltrate the devices, enabling it to build a botnet network. #Cybersecurity #Botnet

SamTechwest

15,000+ Four-Faith routers are exposed, with attackers actively exploiting a command injection flaw (CVE-2024-12856). Attackers execute commands remotely via the adj_time_year parameter. Reverse shells enable hackers to stay hidden and in control.

IT_news_for_all

15,000+ Four-Faith routers are exposed, with attackers actively exploiting a command injection flaw (CVE-2024-12856). Attackers execute commands remotely via the adj_time_year parameter. Reverse shells enable hackers to stay hidden and... https://t.co/5gHnCfrMNV

TheHackersNews

15,000+ Four-Faith routers are exposed, with attackers actively exploiting a command injection flaw (CVE-2024-12856). Read: