Security News > 2024 > December > 15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials
2024-12-28 06:25
A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability, tracked as CVE-2024-12856 (CVSS score: 7.2), has been described as an operating system (OS) command injection bug affecting router models F3x24 and F3x36. The severity of the shortcoming is lower due to the fact that it only works
News URL
https://thehackernews.com/2024/12/15000-four-faith-routers-exposed-to-new.html
Related news
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer (source)
- 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits (source)
- New botnet exploits vulnerabilities in NVRs, TP-Link routers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-27 | CVE-2024-12856 | The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. | 0.0 |