OS Command Injection Vulnerability in Four-Faith Routers
CVE-2024-12856
Key Information:
- Vendor: Four-faith
- Status
- F3x24
- F3x36
- Vendor
- CVE Published: 27 December 2024
What is CVE-2024-12856?
CVE-2024-12856 is a critical vulnerability found in the Four-Faith router models F3x24 and F3x36. These routers are designed for network connectivity and communication in a variety of applications, making them important for organizations relying on stable network operations. This vulnerability allows authenticated remote attackers to execute arbitrary operating system commands through a specific web interface when adjusting system time settings. If the default credentials are not changed, the risk escalates, effectively allowing unauthenticated remote command execution. Consequently, this poses a serious risk, potentially giving attackers control over affected systems.
Technical Details
The vulnerability is categorized as an OS command injection flaw, which occurs when an attacker can manipulate input to execute arbitrary commands on the host operating system. Specifically, the vulnerability is present in the firmware version 2.0 on the affected router models. The command execution is facilitated through the apply.cgi script when users attempt to modify the system time settings. This vulnerability is particularly concerning due to the possibility of exploitation through web-based access, allowing attackers to remotely execute commands with elevated privileges if the default security settings are not altered.
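The page does not show the firmware's handler, so the following is an added example, not Four-Faith code: it assumes a time-setting handler that interpolates request fields into a shell command, and shows strict field validation as the hardened alternative. The function and field names are hypothetical.

```c
/* Added example: hypothetical time-setting handler, not Four-Faith firmware code. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Vulnerable pattern, shown only for contrast (assumed, not taken from the firmware):
 *   snprintf(cmd, sizeof cmd, "date -s \"%s-%s-%s\"", year, month, day);
 *   system(cmd);    // /bin/sh interprets metacharacters inside the fields
 */

/* Accept 1..max_digits ASCII digits with a value in [lo, hi]; return 0 on success. */
static int parse_field(const char *s, size_t max_digits, int lo, int hi, int *out)
{
    if (s == NULL) return -1;
    size_t n = strlen(s);
    if (n == 0 || n > max_digits) return -1;
    for (size_t i = 0; i < n; i++)
        if (!isdigit((unsigned char)s[i])) return -1;  /* no signs, spaces, ; | ` $ */
    int v = atoi(s);                                    /* safe: at most 4 digits */
    if (v < lo || v > hi) return -1;
    *out = v;
    return 0;
}

/* Hardened form: validate every field, then format from integers only.
 * Writes "YYYY-MM-DD hh:mm:ss" to buf and returns 0, or returns -1 on any reject. */
int build_time_string(const char *year, const char *month, const char *day,
                      const char *hour, const char *minute, const char *second,
                      char *buf, size_t buflen)
{
    int y, mo, d, h, mi, s;
    if (parse_field(year, 4, 1970, 2099, &y) || parse_field(month, 2, 1, 12, &mo) ||
        parse_field(day, 2, 1, 31, &d)       || parse_field(hour, 2, 0, 23, &h) ||
        parse_field(minute, 2, 0, 59, &mi)   || parse_field(second, 2, 0, 59, &s))
        return -1;
    int n = snprintf(buf, buflen, "%04d-%02d-%02d %02d:%02d:%02d", y, mo, d, h, mi, s);
    return (n > 0 && (size_t)n < buflen) ? 0 : -1;
}

/* Apply the result without a shell: set the clock through clock_settime(), or
 * pass buf as a single argv element to execv("/bin/date", ...), never system(). */
```

The validator checks field ranges only; it does not reject impossible calendar dates such as day 31 of a 30-day month.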
Potential Impact of CVE-2024-12856
- Remote Code Execution: Exploitation of this vulnerability can lead to unauthorized remote code execution, allowing attackers to execute arbitrary commands on the affected routers. This can compromise the integrity and security of the network infrastructure.
- Unauthorized Access: If the default credentials remain intact, attackers can gain control of the routers without needing prior authentication. This undermines network security protocols and can lead to further attacks on connected devices within the network.
- Network Disruption: Malicious command execution may disrupt the normal operation of the routers, potentially affecting overall network performance and availability. This disruption can have cascading effects on business operations, leading to significant downtime and loss of productivity.
Affected Version(s)
F3x24 2.0
F3x36 2.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
Mirai Botnet Variant Exploits Zero-Day Vulnerabilities in Routers
Researchers observed the Gayfemboy botnet in early 2024 as a basic Mirai variant, but the botnet rapidly evolved through iterative
1 month ago
Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks
Mirai botnet variant exploits CVE-2024-12856 in Four-Faith routers, enabling 100 Gbps DDoS attacks across five nations.
1 month ago
New Mirai botnet targets industrial routers with zero-day exploits
A relatively new Mirai-based botnet has been growing in sophistication and is now leveraging zero-day exploits for security flaws in industrial routers and smart home devices.
1 month ago
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability started trending
- First article discovered by cypro.se
- Vulnerability published