VulnCheck, a renowned cybersecurity research organization, has recently issued a warning concerning active exploitation of a critical vulnerability affecting Four-Faith industrial routers. The vulnerability, identified as CVE-2024-12856 (CVSS 7.2), allows attackers to execute arbitrary commands on vulnerable devices remotely.
The vulnerability stems from a flaw in the router’s system time modification functionality, accessible via the /apply.cgi endpoint. Attackers can exploit this vulnerability by sending a specially crafted POST request containing malicious commands embedded within the adj_time_year parameter. Successful exploitation grants attackers complete control over the compromised device.
“The attacker leveraged the router’s default credentials, effectively resulting in unauthenticated remote command injection. VulnCheck has assigned this issue CVE-2024-12856,” the report states.
According to VulnCheck’s analysis, approximately 15,000 internet-facing Four-Faith F3x24 and F3x36 routers are potentially vulnerable to this attack. The organization has observed at least one IP address, 178.215.238[.]91, actively exploiting this vulnerability in the wild.
In response to this discovery, VulnCheck has released a Suricata rule to help network administrators detect and prevent exploitation attempts. The organization has also notified Four-Faith and its customers about the vulnerability, providing them with ample time to develop and deploy necessary patches.
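The request pattern described above can also be checked in proxy or capture data. The following is an added example, not VulnCheck's Suricata rule or code from the report: it flags POST requests to /apply.cgi whose adj_time_year value is anything other than a four-digit year. The sample requests, the host name router.example and the PLACEHOLDER value are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# A legitimate time change only ever needs a plain four-digit year.
YEAR_RE = re.compile(r"[0-9]{4}")

def check_request(raw):
    """Return a finding string for a suspicious request, else None."""
    head, _, body = raw.partition("\r\n\r\n")
    parts = head.split("\r\n", 1)[0].split()
    if len(parts) < 2:
        return None  # not a parseable request line
    method, target = parts[0], parts[1]
    if method.upper() != "POST" or urlsplit(target).path != "/apply.cgi":
        return None
    # parse_qs URL-decodes values, so encoded metacharacters are seen in clear.
    params = parse_qs(body, keep_blank_values=True)
    for value in params.get("adj_time_year", []):
        if not YEAR_RE.fullmatch(value):
            return f"adj_time_year is not a 4-digit year: {value!r}"
    return None

def scan(requests):
    """Return (index, finding) pairs for every flagged request."""
    findings = []
    for i, raw in enumerate(requests):
        finding = check_request(raw)
        if finding:
            findings.append((i, finding))
    return findings

# Constructed sample requests (not captured traffic).
HEADERS = ("Host: router.example\r\n"
           "Content-Type: application/x-www-form-urlencoded\r\n\r\n")
BENIGN = "POST /apply.cgi HTTP/1.1\r\n" + HEADERS + "adj_time_year=2024"
SUSPICIOUS = ("POST /apply.cgi HTTP/1.1\r\n" + HEADERS
              + "adj_time_year=2024%3BPLACEHOLDER")
OTHER = "GET / HTTP/1.1\r\nHost: router.example\r\n\r\n"
SAMPLES = [BENIGN, SUSPICIOUS, OTHER]

if __name__ == "__main__":
    for index, finding in scan(SAMPLES):
        print(f"request {index}: {finding}")
```

Because the check is an allowlist on the expected value format, it does not depend on recognising any particular command string.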
Users of Four-Faith industrial routers are strongly urged to update their devices to the latest firmware versions and change default credentials immediately. Regular security audits and network monitoring are also recommended to mitigate the risk of future attacks.