The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this firmware version has default credentials which, if not changed, would effectively change this vulnerability into an unauthenticated and remote OS command execution issue.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HFour Faith F3x24
HWFour-Faithwszystkie wersjeFour Faith F3x24 Firmware
OSFour-Faith2.0Four Faith F3x36
HWFour-Faithwszystkie wersjeFour Faith F3x36 Firmware
OSFour-Faith2.0
Powiązane podatności
Auth Bypass przez zakodowane dane logowania w routerze Four-Faith F3x36
Auth Bypass w routerze Four-Faith F3x36 – pominięcie uwierzytelnienia
Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Ad...
A vulnerability, which was classified as critical, has been found in Xiamen Four Letter Video Surveillance Man...
A flaw has been found in Four-Faith Water Conservancy Informatization Platform 1.0. This affects an unknown fu...