Blog
Share This Post
[ad_1]
More than 15,000 internet-exposed Four-Faith F3x24 and F3x36 routers could potentially be compromised in ongoing intrusions exploiting the high-severity operating system command injection flaw, tracked as CVE-2024-12856, according to The Hacker News.
Attacks against the vulnerable routers have been conducted from the same IP address previously leveraged to exploit the Four-Faith remote code execution vulnerability, tracked as CVE-2019-12168, with the new issue then used to deploy a reverse shell to ensure persistence and prompt unauthenticated OS command execution, a report from VulnCheck revealed.
“The attack can be conducted against, at least, the Four-Faith F3x24 and F3x36 over HTTP using the /apply.cgi endpoint. The systems are vulnerable to OS command injection in the adj_time_year parameter when modifying the device’s system time via submit_type=adjust_sys_time,” said VulnCheck researcher Jacob Baines.
While the issue has already been reported, Four-Faith has yet to provide fixes for the vulnerability, noted VulnCheck.
Get essential knowledge and practical strategies to fortify your network security.
[ad_2]
Source link
Subscribe To Our Newsletter
Get updates and learn from the best
More To Explore
US Charges Five People Over North Korean IT Worker Scheme
[ad_1] The US has announced charges against five individuals involved in a fake IT workers scheme to funnel funds to
In Other News: VPN Supply Chain Attack, PayPal $2M Settlement, RAT Builder Hacks Script Kiddies
[ad_1] Noteworthy stories that might have slipped under the radar: Korean VPN supply chain attack, PayPal settles with New York
