5 matches found
Four-Faith F3x36 - Authentication Bypass
Four-Faith F3x36 router with firmware v2.0.0 contains an authentication bypass caused by hard-coded credentials in the administrative web server, letting attackers with knowledge of credentials gain administrative access via crafted HTTP requests. id: CVE-2024-9643 info: name: Four-Faith F3x36 -...
The vulnerability of the Four-Faith F3x36 router’s microprogramming software, which stems from the use of strictly encrypted login credentials, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the Four-Faith F3x36 router’s microprogramming software is related to the use of strictly encrypted login credentials. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information through specially crafted HTT...
VulnCheck KEV: CVE-2024-9644
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote...
CVE-2024-9644
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote...
Four-Faith Router adjust_sys_time command injection
Added: 01/03/2025 Background Four Faith F3x24 is a wifi industrial router. F3x36 is an LTE wireless router. Problem A default password and command injection vulnerability in the adjustsystime function in the F3x24 and F3x36 routers could allow an attacker to execute arbitrary commands. Resolution...