
Four-Faith Routers Exploited in the Wild

December 30, 2024

A critical vulnerability has been discovered in Four-Faith routers, affecting models F3x24 and F3x36, with over 15,000 internet-facing devices exposed. The flaw, tracked as CVE-2024-12856, is an operating system (OS) command injection bug that allows remote attackers to execute arbitrary commands on affected devices. Exploitation requires authentication, but where the routers’ default credentials remain unchanged an attacker can simply log in with them, so the flaw is effectively exploitable without valid credentials of the attacker's own. This makes the flaw particularly dangerous for organizations that have not taken the necessary steps to secure their devices.

The exploitation of this vulnerability can lead to the attacker gaining persistent remote access to the router through a reverse shell. The attackers, who have been identified by VulnCheck, have been leveraging the default credentials to exploit the flaw and establish a foothold in vulnerable systems. The attack occurs through the router’s /apply.cgi endpoint, specifically targeting the adj_time_year parameter when modifying system time settings. This issue can have significant consequences for both the security of the routers and the integrity of the network infrastructure.

Further research from threat intelligence firms such as GreyNoise has connected the exploit to the same IP address (178.215.238[.]91) previously associated with attempts to weaponize CVE-2019-12168, another remote code execution flaw impacting Four-Faith routers. This indicates that the current wave of attacks may be part of an ongoing campaign targeting Four-Faith routers. Vulnerability data from Censys shows that many devices are still exposed to these threats, highlighting the urgent need for patching and better security practices within affected networks.

At this time, no patches are available for CVE-2024-12856, though the flaw was responsibly reported to Four-Faith by VulnCheck on December 20, 2024. With the vulnerability having been actively exploited for potentially over a month, organizations using these router models are strongly urged to change default credentials and monitor their devices for any signs of unauthorized access. As the situation develops, it remains crucial for Four-Faith to release a patch and for the broader cybersecurity community to continue monitoring for further attacks exploiting this flaw.
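
One way to act on the monitoring advice above, as an added example that is not part of the original alert or VulnCheck's tooling: flag requests to /apply.cgi whose adj_time_year value is not a plain year. The record layout (src, url, body), the four-digit-year rule and the sample records are assumptions; it presumes a reverse proxy or IDS in front of the router that records request bodies.

```python
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/apply.cgi"   # endpoint named in the alert
PARAM = "adj_time_year"   # parameter named in the alert
# Source address from the alert, kept defanged as published and refanged here.
REPORTED_IP = "178.215.238[.]91".replace("[.]", ".")
YEAR_RE = re.compile(r"\d{4}")  # assumption: a legitimate year is four digits


def check_request(rec):
    """Return the reasons a request record deserves review (empty if none)."""
    reasons = []
    parts = urlsplit(rec["url"])
    if parts.path != ENDPOINT:
        return reasons  # only the time-settings endpoint is in scope here
    # The parameter may arrive in the query string or a form-encoded body.
    params = parse_qs(parts.query, keep_blank_values=True)
    for key, vals in parse_qs(rec.get("body", ""), keep_blank_values=True).items():
        params.setdefault(key, []).extend(vals)
    for value in params.get(PARAM, []):
        if not YEAR_RE.fullmatch(value):
            reasons.append(f"{PARAM} is not a 4-digit year: {value!r}")
    if rec["src"] == REPORTED_IP:
        reasons.append("source address matches the IP reported in the alert")
    return reasons


def scan(records):
    """Return (record, reasons) for every record with at least one finding."""
    return [(r, why) for r in records if (why := check_request(r))]


# Constructed sample records, not real traffic (192.0.2.0/24 is documentation space).
SAMPLE = [
    {"src": "192.0.2.10", "url": "/apply.cgi", "body": "adj_time_year=2024"},
    {"src": "192.0.2.66", "url": "/apply.cgi",
     "body": "adj_time_year=2024%3BCONSTRUCTED_NON_NUMERIC"},
    {"src": REPORTED_IP, "url": "/apply.cgi", "body": "adj_time_year=2025"},
    {"src": "192.0.2.10", "url": "/index.asp", "body": ""},
]

if __name__ == "__main__":
    for rec, why in scan(SAMPLE):
        print(rec["src"], "->", "; ".join(why))
```

A hit on the value check means the field carried something other than a year and the device should be reviewed; a hit on the address alone only shows contact from the reported source.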

Reference:

  • Over 15,000 Four-Faith Routers Vulnerable to Exploit Due to Default Credentials