Description

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645.

PUBLISHED Reserved 2024-10-08 | Published 2025-02-04 | Updated 2025-11-22 | Assigner VulnCheck




CRITICAL: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-489 Active Debug Code

CWE-798 Use of Hard-coded Credentials

Product status

Default status: unaffected

2.0.0 (semver): affected

Credits

Jacob Baines (finder)

References

talosintelligence.com/vulnerability_reports/TALOS-2023-1752 exploit

vulncheck.com/advisories/four-faith-hard-coded-creds third-party-advisory

talosintelligence.com/vulnerability_reports/TALOS-2023-1752 third-party-advisory

cve.org (CVE-2024-9643)

nvd.nist.gov (CVE-2024-9643)
