Four-Faith Router adjust_sys_time command injection

Added: 01/03/2025 Background Four Faith F3x24 is a wifi industrial router. F3x36 is an LTE wireless router. Problem A default password and command injection vulnerability in the adjustsystime function in the F3x24 and F3x36 routers could allow an attacker to execute arbitrary commands. Resolution...

CVE-2024-12856

The Four-Faith router models F3x24 and F3x36 are affected by an operating system OS command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this...

Four-Faith F3x24和Four-Faith F3x36 安全漏洞

The Four-Faith F3x24 and Four-Faith F3x36 are both portable wireless mobile routers from Four-Faith China. A security vulnerability exists in the Four-Faith F3x24 and Four-Faith F3x36. The vulnerability can be exploited to execute arbitrary operating system commands over HTTP while changing the...

CVE-2019-12168

Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell aka Administration Commands screen...

CVE-2019-12168

Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell aka Administration Commands screen...

CVE-2019-12168

CVE-2019-12168 affects Four-Faith Wireless Mobile Router F3x24 v1.0. Red Hat lists a remote code execution path via the Command Shell (Administration > Commands) on F3x24; PT-2019-6465 attributes the issue to a lack of authorization, enabling remote code execution. Practical impact is remote c...

PT-2019-6465 · Four Faith +1 · Four-Faith Wireless Mobile Router F3X24 +1

Name of the Vulnerable Software and Affected Versions: Four-Faith Wireless Mobile Router F3x24 version 1.0 F5 BIG-IP Application Security Manager versions prior to 14.1.4.6 F5 BIG-IP Application Security Manager versions prior to 15.1.5.1 Description: The issue is related to a lack of authorizati...