Critical Router Flaw Lets Hackers Hijack Industrial Networks Through Four-Faith Devices

Critical Router Flaw Lets Hackers Hijack Industrial Networks Through Four-Faith Devices

Four-Faith Routers Under Active Attack: Critical Security Vulnerability Discovered

A severe security vulnerability (CVE-2024-12856) affecting Four-Faith routers is currently being exploited by cybercriminals. The flaw, discovered by VulnCheck, allows attackers to execute remote commands on affected devices after authentication.

Key Details:
– Affected Models: F3x24 and F3x36 router series
– Impacted Sectors: Energy, utilities, transportation, telecommunications, and manufacturing
– Vulnerable Devices: Approximately 15,000 internet-facing Four-Faith routers

Technical Analysis:
The vulnerability involves a command injection flaw through the ‘/apply.cgi’ endpoint, specifically targeting the ‘adj_time_year’ parameter. Attackers can exploit this weakness to establish reverse shells, gaining complete remote access to compromised devices. The attack vector is similar to the previously known CVE-2019-12168 vulnerability.

Risk Factors:
– Many devices still use default credentials
– Successful exploitation enables network pivoting
– Attackers can maintain persistence through configuration file modifications

Mitigation Steps:
1. Update router firmware to the latest version
2. Change default credentials immediately
3. Implement provided Suricata detection rules
4. Contact Four-Faith support for specific guidance

While Four-Faith was notified on December 20, 2024, the availability of security patches remains unclear. Organizations using these devices should take immediate action to secure their infrastructure.

Share This Article