Lucene search
K

25 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:27 a.m.9 views

CVE-2019-12168

Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell aka Administration Commands screen...

9CVSS8.1AI score0.04959EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-3817

Malware in sbrugna...

9CVSS7.2AI score0.04959EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-32263

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.0043EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-50421

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.0293EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-50379

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00644EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/07/08 11:8 a.m.9 views

RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks

Cybersecurity researchers are calling attention to a malware campaign that's targeting security flaws in TBK digital video recorders DVRs and Four-Faith routers to rope the devices into a new botnet called RondoDox. The vulnerabilities in question include CVE-2024-3721, a medium-severity command...

7.2CVSS7.4AI score0.86489EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2025/02/07 9:45 a.m.7 views

CVE-2024-9644

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote...

9.8CVSS7.3AI score0.00644EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/07 9:44 a.m.11 views

CVE-2024-9643

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to...

9.8CVSS7.2AI score0.53533EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:28 a.m.10 views

CVE-2024-12856

The Four-Faith router models F3x24 and F3x36 are affected by an operating system OS command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this...

7.2CVSS8.5AI score0.82192EPSS
Exploits4References1
NVD
NVD
added 2025/02/04 3:15 p.m.11 views

CVE-2024-9644

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote...

9.8CVSS0.00644EPSS
Exploits0References1
NVD
NVD
added 2025/02/04 3:15 p.m.19 views

CVE-2024-9643

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to...

9.8CVSS0.0293EPSS
Exploits0References2
CVE
CVE
added 2025/02/04 2:58 p.m.83 views

CVE-2024-9644

CVE-2024-9644 affects the Four-Faith F3x36 router (firmware v2.0.0). The vulnerability is an authentication bypass in the administrative web server: certain admin functions are not protected when using bapply.cgi instead of apply.cgi. This allows a remote, unauthenticated attacker to modify setti...

9.8CVSS7.2AI score0.00644EPSS
In wildExploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/04 2:47 p.m.15 views

CVE-2024-9643 Four-Faith F3x36 Hidden Debug Credentials

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to...

9.8CVSS7.7AI score0.0293EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/04 2:47 p.m.14 views

CVE-2024-9643 Four-Faith F3x36 Hidden Debug Credentials

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to...

9.8CVSS0.0293EPSS
Exploits0References2
CVE
CVE
added 2025/02/04 2:47 p.m.72 views

CVE-2024-9643

CVE-2024-9643 concerns the Four-Faith F3x36 router with firmware version v2.0.0 , where an authentication bypass is caused by hard-coded credentials in the administrative web server . The description and connected sources confirm that an attacker who knows the credentials can gain administrative ...

9.8CVSS7.3AI score0.0293EPSS
In wildExploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/02/04 12:0 a.m.6 views

PT-2025-3731

Name of the Vulnerable Software and Affected Versions Four-Faith F3x36 router version 2.0.0 Description The issue is related to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via...

10CVSS7.3AI score0.0293EPSS
Exploits0References23
NVD
NVD
added 2024/12/27 4:15 p.m.29 views

CVE-2024-12856

The Four-Faith router models F3x24 and F3x36 are affected by an operating system OS command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this...

7.2CVSS0.82192EPSS
Exploits4References3
Vulnrichment
Vulnrichment
added 2024/12/27 4:3 p.m.25 views

CVE-2024-12856 Four-Faith Industrial Router adjust_sys_time OS Command Injection

The Four-Faith router models F3x24 and F3x36 are affected by an operating system OS command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this...

7.2CVSS8.7AI score0.82192EPSS
Exploits4References3
CVE
CVE
added 2024/12/27 4:3 p.m.240 views

CVE-2024-12856

CVE-2024-12856 affects Four-Faith router models F3x24 and F3x36. The OS command-injection vulnerability exists in the adjust_sys_time functionality exposed via /apply.cgi, allowing an authenticated user to modify system time and execute arbitrary OS commands over HTTP. In firmware v2.0, default c...

7.2CVSS8.5AI score0.82192EPSS
In wildExploits4References3Affected Software1
Cvelist
Cvelist
added 2024/12/27 4:3 p.m.39 views

CVE-2024-12856 Four-Faith Industrial Router adjust_sys_time OS Command Injection

The Four-Faith router models F3x24 and F3x36 are affected by an operating system OS command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this...

7.2CVSS0.82192EPSS
Exploits4References3
Rows per page
Query Builder