Four-Faith F3x36 - Authentication Bypass

Four-Faith F3x36 router with firmware v2.0.0 contains an authentication bypass caused by hard-coded credentials in the administrative web server, letting attackers with knowledge of credentials gain administrative access via crafted HTTP requests. id: CVE-2024-9643 info: name: Four-Faith F3x36 -...

The vulnerability of the Four-Faith F3x36 router’s microprogramming software, which stems from the use of strictly encrypted login credentials, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Four-Faith F3x36 router’s microprogramming software is related to the use of strictly encrypted login credentials. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information through specially crafted HTT...

The vulnerability of the Four-Faith F3x36 microprogrammed router server lies in the lack of authentication for a critical function, allowing an attacker to modify the device’s configuration.

The vulnerability of the Four-Faith F3x36 microprogrammed router software server lies in the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker to remotely modify the device’s configuration by sending specially crafted HTTP requests...

VulnCheck KEV: CVE-2024-9644

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote...

CVE-2024-9643

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to...

CVE-2024-9644

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote...

CVE-2024-9644 Four-Faith F3x36 bapply.cgi Auth Bypass

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote...

CVE-2024-9644 Four-Faith F3x36 bapply.cgi Auth Bypass

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote...

Four-Faith F3x36 安全漏洞

The Four-Faith F3x36 is a portable wireless mobile router from Four-Faith China. A security vulnerability exists in the Four-Faith F3x36 version v2.0.0, which stems from the fact that certain administrative functions do not enforce authentication...

Four-Faith F3x36 安全漏洞

The Four-Faith F3x36 is a portable wireless mobile router from Four-Faith China. A security vulnerability exists in Four-Faith F3x36 version v2.0.0, which stems from the use of hard-coded credentials. An attacker could exploit the vulnerability to gain administrative access via a specially crafte...

Four-Faith Router adjust_sys_time command injection

Added: 01/03/2025 Background Four Faith F3x24 is a wifi industrial router. F3x36 is an LTE wireless router. Problem A default password and command injection vulnerability in the adjustsystime function in the F3x24 and F3x36 routers could allow an attacker to execute arbitrary commands. Resolution...

CVE-2024-12856

The Four-Faith router models F3x24 and F3x36 are affected by an operating system OS command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this...

Four-Faith F3x24和Four-Faith F3x36 安全漏洞

The Four-Faith F3x24 and Four-Faith F3x36 are both portable wireless mobile routers from Four-Faith China. A security vulnerability exists in the Four-Faith F3x24 and Four-Faith F3x36. The vulnerability can be exploited to execute arbitrary operating system commands over HTTP while changing the...