The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645.
The router firmware contains hard-coded credentials that cannot be changed by the user in the standard way. An attacker who obtains knowledge of these authentication credentials can send properly crafted HTTP requests to the device's administrative panel. The authentication mechanism is bypassed in this manner, and the attacker gains full administrative access to the device. The vulnerability is similar to the previously documented CVE-2023-32645 vulnerability.
An attacker gains full administrative access to the router, enabling them to change device configuration, intercept network traffic, modify network settings, and potentially use the device as an entry point for further lateral movement in the network.
Apply patches available from the manufacturer according to the references. As a temporary measure until a patch is deployed, it is recommended to restrict access to the device's administrative panel exclusively to trusted IP addresses and isolate the device from public access through a firewall or VPN.
Four-Faith F3x36 router with firmware version v2.0.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HFour Faith F3x36
HWFour-Faithwszystkie wersjeFour Faith F3x36 Firmware
OSFour-Faith2.0
Related vulnerabilities
Auth Bypass w routerze Four-Faith F3x36 – pominięcie uwierzytelnienia
The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulner...
A vulnerability, which was classified as critical, has been found in Xiamen Four Letter Video Surveillance Man...
Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Ad...
A flaw has been found in Four-Faith Water Conservancy Informatization Platform 1.0. This affects an unknown fu...