Attackers are actively exploiting a vulnerability in industrial routers from manufacturer Four-Faith and it is unclear whether updates are available to fix the problem, security company VulnCheck reports. This includes the F3x24 and F3x36, which are also used for unmanned systems. A vulnerability in the routers, referred to as CVE-2024-12856, allows an attacker to execute commands on the system.
The condition is that an attacker has first authenticated himself. The attacks observed used the default password that had not been changed. The vulnerability was then used to set up a reverse shell. No further details about the attacks were provided by VulnCheck. The security company alerted Four-Faith about the vulnerability on December 20 and advises customers to contact the router manufacturer about how to resolve the problem. There may be fifteen thousand Four-Faith routers on the Internet.
In short:
| Aspect | Details |
|---|---|
| Vulnerability Identified | CVE-2024-12856 in Four-Faith industrial routers |
| Affected Models | F3x24 and F3x36 routers |
| Exploit Mechanism | Requires authenticated access using default unchanged password |
| Attacker Capability | Can execute commands and establish a reverse shell |
| Recommended Action | Contact Four-Faith for resolution; 15,000 routers may be affected |
