Lucene search
K

5 matches found

Nuclei
Nuclei
added 18 hours ago22 views

Four-Faith F3x36 - Authentication Bypass

Four-Faith F3x36 router with firmware v2.0.0 contains an authentication bypass caused by hard-coded credentials in the administrative web server, letting attackers with knowledge of credentials gain administrative access via crafted HTTP requests. id: CVE-2024-9643 info: name: Four-Faith F3x36 -...

9.8CVSS7.2AI score0.0293EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/04/22 12:0 a.m.6 views

The vulnerability of the Four-Faith F3x36 router’s microprogramming software, which stems from the use of strictly encrypted login credentials, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Four-Faith F3x36 router’s microprogramming software is related to the use of strictly encrypted login credentials. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information through specially crafted HTT...

10CVSS7.7AI score0.0293EPSS
Exploits0References4Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2025/02/09 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-9644

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote...

9.8CVSS5.8AI score0.00644EPSS
Exploits0References1
OSV
OSV
added 2025/02/04 3:15 p.m.5 views

CVE-2024-9644

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote...

9.8CVSS5.8AI score0.00644EPSS
Exploits0References1
Saint
Saint
added 2025/01/03 12:0 a.m.524 views

Four-Faith Router adjust_sys_time command injection

Added: 01/03/2025 Background Four Faith F3x24 is a wifi industrial router. F3x36 is an LTE wireless router. Problem A default password and command injection vulnerability in the adjustsystime function in the F3x24 and F3x36 routers could allow an attacker to execute arbitrary commands. Resolution...

7.2CVSS8.2AI score0.82192EPSS
Exploits4
Rows per page
Query Builder