

Ethical Hacking News

Four-Faith Routers Under Siege: A New High-Severity Vulnerability Exploited by Threat Actors


Four-Faith routers are under attack due to a newly discovered high-severity vulnerability that can be exploited by threat actors. The vulnerability affects models F3x24 and F3x36 and allows attackers to execute arbitrary OS commands over HTTP when modifying the system time. It is essential for device owners to take immediate action to secure their devices and prevent potential breaches.

  • Four-Faith routers (F3x24 and F3x36) are vulnerable to a high-severity OS command injection vulnerability (CVE-2024-12856, CVSS score: 7.2).
  • The vulnerability allows authenticated and remote attackers to execute arbitrary OS commands over HTTP via the apply.cgi endpoint.
  • Where the default router credentials have not been changed, attackers can use them to turn the flaw into an effectively unauthenticated remote command injection.
  • Over 15,800 devices are exposed to this vulnerability, enabling reverse shell exploitation.
  • This highlights the threat posed by insecure devices and default credentials.



    In a disturbing trend, threat actors have been actively exploiting a high-severity vulnerability impacting some Four-Faith routers. According to VulnCheck researchers, the vulnerability, tracked as CVE-2024-12856 (CVSS score: 7.2), is an operating system (OS) command injection vulnerability that affects Four-Faith router models F3x24 and F3x36.

    According to the advisory published by VulnCheck, the flaw allows authenticated, remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Furthermore, the firmware has default credentials which, if not changed, effectively turn this vulnerability into an unauthenticated and remote OS command execution issue.

    VulnCheck researchers reported that attackers used the routers' default credentials to authenticate, which in effect made the command injection unauthenticated and remote. "VulnCheck observed a new post-authentication vulnerability affecting Four-Faith industrial routers being exploited in the wild," reads the report published by VulnCheck. "The attacker leveraged the router's default credentials, effectively resulting in unauthenticated remote command injection."

    Attackers are targeting Four-Faith F3x24 and F3x36 routers via the /apply.cgi endpoint over HTTP. According to Censys, more than 15,800 devices exposed online are vulnerable to OS command injection via the adj_time_year parameter when adjusting system time, enabling reverse shell exploitation.
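
    One way a defender could hunt for this activity in HTTP request logs, as an added example that is not from VulnCheck, Censys or the original article: it flags any request to /apply.cgi whose adj_time_year value is not a plain four-digit year. The JSON-lines log layout, the field names (ts, src, url, body) and the sample records are constructed assumptions.

```python
import json
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/apply.cgi"
PARAM = "adj_time_year"
# Allow-list: a legitimate time change carries a plain four-digit year.
YEAR_RE = re.compile(r"[0-9]{4}")


def suspicious_year_values(record):
    """Return the adj_time_year values in one request that are not a plain year."""
    url = urlsplit(record.get("url") or "")
    if url.path.rstrip("/") != ENDPOINT:
        return []
    values = []
    # Assumption: the parameter can arrive in the query string or a form-encoded body.
    for blob in (url.query, record.get("body") or ""):
        values += parse_qs(blob, keep_blank_values=True).get(PARAM, [])
    return [v for v in values if not YEAR_RE.fullmatch(v)]


def scan(lines):
    """Yield (timestamp, source, value) for each flagged request in JSON-lines logs."""
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line: skip it, keep scanning
        if not isinstance(record, dict):
            continue
        for value in suspicious_year_values(record):
            yield record.get("ts"), record.get("src"), value


# Constructed sample records: documentation addresses, placeholder payloads.
SAMPLE_LOG = """
{"ts": "2024-12-30T04:00:01Z", "src": "192.0.2.10", "url": "/apply.cgi", "body": "adj_time_year=2024"}
{"ts": "2024-12-30T04:00:07Z", "src": "198.51.100.23", "url": "/apply.cgi", "body": "adj_time_year=%24%28EXAMPLE%29"}
{"ts": "2024-12-30T04:00:09Z", "src": "198.51.100.23", "url": "/index.cgi", "body": "adj_time_year=%24%28EXAMPLE%29"}
{"ts": "2024-12-30T04:00:12Z", "src": "203.0.113.5", "url": "/apply.cgi?adj_time_year=2024%0AEXAMPLE", "body": ""}
"""

if __name__ == "__main__":
    for ts, src, value in scan(SAMPLE_LOG.splitlines()):
        print(f"{ts} {src} suspicious {PARAM}={value!r}")
```

    The allow-list check avoids enumerating shell metacharacters: anything other than four ASCII digits is reported, including values that hide a newline after a valid-looking year.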

    In November 2024, a blog post also highlighted the exploitation of this vulnerability. The cybersecurity firm GreyNoise observed CVE-2019-12168 exploitation attempts on December 19, 2024.

    This vulnerability highlights the ever-present threat posed by insecure devices and their default credentials. As an increasing number of devices become connected to the internet, it is essential for individuals and organizations to prioritize security measures to prevent such vulnerabilities from being exploited.



    Related Information:

  • https://securityaffairs.com/172450/hacking/four-faith-routers-flaw-exploited.html

  • https://nvd.nist.gov/vuln/detail/CVE-2024-12856

  • https://www.cvedetails.com/cve/CVE-2024-12856/

  • https://nvd.nist.gov/vuln/detail/CVE-2019-12168

  • https://www.cvedetails.com/cve/CVE-2019-12168/


  • Published: Mon Dec 30 04:34:32 2024 by llama3.2 3B Q4_K_M













         

