4 matches found
CVE-2024-9644
CVE-2024-9644 affects the Four-Faith F3x36 router (firmware v2.0.0). The vulnerability is an authentication bypass in the administrative web server: certain admin functions are not protected when using bapply.cgi instead of apply.cgi. This allows a remote, unauthenticated attacker to modify setti...
CVE-2024-9643
CVE-2024-9643 concerns the Four-Faith F3x36 router with firmware version v2.0.0 , where an authentication bypass is caused by hard-coded credentials in the administrative web server . The description and connected sources confirm that an attacker who knows the credentials can gain administrative ...
CVE-2024-12856
The Four-Faith router models F3x24 and F3x36 are affected by an operating system OS command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this...
CVE-2024-52789
Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etcro/shadow, which allows attackers to log in as root...