7.2
HIGH
CVE-2024-12856
Four-Faith Router OS Command Injection Vulnerability
Description

The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this firmware version has default credentials which, if not changed, would effectively change this vulnerability into an unauthenticated and remote OS command execution issue.

INFO

Published Date :

Dec. 27, 2024, 4:15 p.m.

Last Modified :

Dec. 27, 2024, 6:15 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

1.2
Affected Products

The following products are affected by CVE-2024-12856 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recoded yet

: Total Affected Vendor : 0 | Products : 0
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-12856.

URL Resource
https://ducklingstudio.blog.fc2.com/blog-entry-392.html
https://vulncheck.com/advisories/four-faith-time
https://vulncheck.com/blog/four-faith-cve-2024-12856
https://vulncheck.com/blog/four-faith-cve-2024-12856

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-12856 vulnerability anywhere in the article.

  • Cybersecurity News
“Gayfemboy” Botnet Leveraging 0-Day Exploit in Four-Faith Industrial Routers

XLab has released a report on the Gayfemboy botnet, a rapidly evolving threat leveraging a 0-day vulnerability in Four-Faith industrial routers. This botnet, initially a modest derivative of the infam ... Read more

Published Date: Jan 08, 2025 (6 hours, 26 minutes ago)
CVE-2024-12856
  • BleepingComputer
New Mirai botnet targets industrial routers with zero-day exploits

A relatively new Mirai-based botnet has been growing in sophistication and is now leveraging zero-day exploits for security flaws in industrial routers and smart home devices. Exploitation of previous ... Read more

Published Date: Jan 07, 2025 (12 hours, 9 minutes ago)
CVE-2024-12856 CVE-2024-8957 CVE-2024-8956 CVE-2023-26801 CVE-2017-17215
  • security.nl
Securitybedrijf meldt actief misbruik van lek in industriële routers Four-Faith

Aanvallers maken actief misbruik van een kwetsbaarheid in industriële routers van fabrikant Four-Faith en het is onduidelijk of er updates beschikbaar zijn om het probleem te verhelpen, zo meldt secur ... Read more

Published Date: Dec 31, 2024 (1 week ago)
CVE-2024-12856
  • Cybersecurity News
IBM’s HashiCorp Acquisition Under Scrutiny: CMA Investigates Competition Concerns

The United Kingdom’s Competition and Markets Authority (CMA) recently announced that it would launch an investigation into IBM’s $6.4 billion acquisition of HashiCorp, a software company specializing ... Read more

Published Date: Dec 31, 2024 (1 week, 1 day ago)
CVE-2024-12856 CVE-2024-39343 CVE-2024-41779 CVE-2024-9180 CVE-2024-38178 CVE-2023-48788 CVE-2021-44207 CVE-2014-2120
  • BleepingComputer
Hackers exploit Four-Faith router flaw to open reverse shells

Threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open reverse shells back to the attackers. The malicious ac ... Read more

Published Date: Dec 30, 2024 (1 week, 1 day ago)
CVE-2024-12856 CVE-2019-12168
  • The Hacker News
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

Cybersecurity / Hacking News Every week, the digital world faces new challenges and changes. Hackers are always finding new ways to breach systems, while defenders work hard to keep our data safe. Whe ... Read more

Published Date: Dec 30, 2024 (1 week, 1 day ago)
CVE-2024-12856 CVE-2024-3393 CVE-2024-52046 CVE-2024-43441 CVE-2024-45387 CVE-2024-56337 CVE-2024-52324 CVE-2024-48874 CVE-2024-47547 CVE-2019-3568
  • Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News
Critical Flaw Exposes Four-Faith Routers to Remote Exploitation

SUMMARY: Vulnerability: CVE-2024-12856 impacts Four-Faith routers (models F3x24 and F3x36), allowing remote code execution. Exploit Path: Attackers use the /apply.cgi endpoint to exploit the adj_time_ ... Read more

Published Date: Dec 30, 2024 (1 week, 2 days ago)
CVE-2024-12856 CVE-2019-12168
  • Cybersecurity News
Four-Faith Industrial Routers Under Attack: CVE-2024-12856 Exploited in the Wild

VulnCheck, a renowned cybersecurity research organization, has recently issued a warning concerning active exploitation of a critical vulnerability affecting Four-Faith industrial routers. The vulnera ... Read more

Published Date: Dec 30, 2024 (1 week, 2 days ago)
CVE-2024-12856 CVE-2024-51466 CVE-2024-40695 CVE-2024-12254 CVE-2024-11680 CVE-2024-11120 CVE-2024-47575 CVE-2023-30799
  • The Hacker News
15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials

Vulnerability / Threat Intelligence A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability ... Read more

Published Date: Dec 28, 2024 (1 week, 4 days ago)
CVE-2024-12856 CVE-2024-56337 CVE-2019-12168

The following table lists the changes that have been made to the CVE-2024-12856 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Dec. 27, 2024

    Action Type Old Value New Value
    Added Reference https://vulncheck.com/blog/four-faith-cve-2024-12856
  • New CVE Received by [email protected]

    Dec. 27, 2024

    Action Type Old Value New Value
    Added Description The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this firmware version has default credentials which, if not changed, would effectively change this vulnerability into an unauthenticated and remote OS command execution issue.
    Added CVSS V3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-78
    Added Reference https://ducklingstudio.blog.fc2.com/blog-entry-392.html
    Added Reference https://vulncheck.com/advisories/four-faith-time
    Added Reference https://vulncheck.com/blog/four-faith-cve-2024-12856
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-12856 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-12856 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: