December 30, 2024 By Pierluigi Paganini
VulnCheck researchers warn that threat actors are attempting to exploit a high-severity vulnerability impacting some Four-Faith routers.
Cybersecurity firm VulnCheck warns that a high-severity flaw, tracked as CVE-2024-12856 (CVSS score: 7.2), in Four-Faith routers is actively exploited in the wild.
The vulnerability is an operating system (OS) command injection vulnerability that impacts Four-Faith router models F3x24 and F3x36.
“At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi.” reads the advisory. “Additionally, this firmware version has default credentials which, if not changed, would effectively change this vulnerability into an unauthenticated and remote OS command execution issue.”
VulnCheck researchers reported that authenticated attackers exploited default router credentials to execute unauthenticated remote command injections.
