25 matches found
CVE-2019-12168
Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell aka Administration Commands screen...
EUVD-2019-3817
Malware in sbrugna...
EUVD-2024-32263
Malicious code in bioql PyPI...
EUVD-2024-50421
Malicious code in bioql PyPI...
EUVD-2024-50379
Malicious code in bioql PyPI...
RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks
Cybersecurity researchers are calling attention to a malware campaign that's targeting security flaws in TBK digital video recorders DVRs and Four-Faith routers to rope the devices into a new botnet called RondoDox. The vulnerabilities in question include CVE-2024-3721, a medium-severity command...
CVE-2024-9644
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote...
CVE-2024-9643
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to...
CVE-2024-12856
The Four-Faith router models F3x24 and F3x36 are affected by an operating system OS command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this...
CVE-2024-9644
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote...
CVE-2024-9643
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to...
CVE-2024-9644
CVE-2024-9644 affects the Four-Faith F3x36 router (firmware v2.0.0). The vulnerability is an authentication bypass in the administrative web server: certain admin functions are not protected when using bapply.cgi instead of apply.cgi. This allows a remote, unauthenticated attacker to modify setti...
CVE-2024-9643 Four-Faith F3x36 Hidden Debug Credentials
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to...
CVE-2024-9643 Four-Faith F3x36 Hidden Debug Credentials
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to...
CVE-2024-9643
CVE-2024-9643 concerns the Four-Faith F3x36 router with firmware version v2.0.0 , where an authentication bypass is caused by hard-coded credentials in the administrative web server . The description and connected sources confirm that an attacker who knows the credentials can gain administrative ...
PT-2025-3731
Name of the Vulnerable Software and Affected Versions Four-Faith F3x36 router version 2.0.0 Description The issue is related to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via...
CVE-2024-12856
The Four-Faith router models F3x24 and F3x36 are affected by an operating system OS command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this...
CVE-2024-12856 Four-Faith Industrial Router adjust_sys_time OS Command Injection
The Four-Faith router models F3x24 and F3x36 are affected by an operating system OS command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this...
CVE-2024-12856
CVE-2024-12856 affects Four-Faith router models F3x24 and F3x36. The OS command-injection vulnerability exists in the adjust_sys_time functionality exposed via /apply.cgi, allowing an authenticated user to modify system time and execute arbitrary OS commands over HTTP. In firmware v2.0, default c...
CVE-2024-12856 Four-Faith Industrial Router adjust_sys_time OS Command Injection
The Four-Faith router models F3x24 and F3x36 are affected by an operating system OS command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this...