CRITICAL🇵🇱 Wersja polska

CVE-2024-9643

CVSS 9.8v3.1pub. 2025-02-04upd. 2025-09-19

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645.

🤖 AI Analysis
How it works

The router firmware contains hard-coded credentials that cannot be changed by the user in the standard way. An attacker who obtains knowledge of these authentication credentials can send properly crafted HTTP requests to the device's administrative panel. The authentication mechanism is bypassed in this manner, and the attacker gains full administrative access to the device. The vulnerability is similar to the previously documented CVE-2023-32645 vulnerability.

Impact

An attacker gains full administrative access to the router, enabling them to change device configuration, intercept network traffic, modify network settings, and potentially use the device as an entry point for further lateral movement in the network.

Mitigation & patch

Apply patches available from the manufacturer according to the references. As a temporary measure until a patch is deployed, it is recommended to restrict access to the device's administrative panel exclusively to trusted IP addresses and isolate the device from public access through a firewall or VPN.

Who is affected

Four-Faith F3x36 router with firmware version v2.0.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Four Faith F3x36

    HW
    Four-Faith
    wszystkie wersje
  • Four Faith F3x36 Firmware

    OS
    Four-Faith
    2.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-9644CRITICAL9.8PL ✓ten sam produkt

Auth Bypass w routerze Four-Faith F3x36 – pominięcie uwierzytelnienia

CVE-2024-12856HIGH7.2ten sam produkt

The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulner...

CVE-2023-3805HIGH7.3ten sam vendor

A vulnerability, which was classified as critical, has been found in Xiamen Four Letter Video Surveillance Man...

CVE-2019-12168HIGH7.2ten sam vendor

Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Ad...

CVE-2025-11018MEDIUM5.5ten sam vendor

A flaw has been found in Four-Faith Water Conservancy Informatization Platform 1.0. This affects an unknown fu...