
Serious Vulnerability Exposes Four-Faith Routers to Remote Exploitation


The critical vulnerability CVE-2024-12856 affecting Four-Faith industrial routers (specifically models F3x24 and F3x36) has been discovered by VulnCheck, presenting a grave risk to over 15,000 devices with default credentials. This vulnerability allows attackers to exploit the router’s system time adjustment functionality by leveraging the /apply.cgi endpoint and the adj_time_year parameter for remote code execution.

According to VulnCheck researcher Jacob Baines, the vulnerability enables attackers to remotely execute commands on vulnerable devices over HTTP, with approximately 15,000 internet-facing devices identified using the Censys tool. The attack targets the /apply.cgi endpoint, which facilitates system configuration changes, and manipulates the adj_time_year parameter to inject malicious commands, bypassing authentication via default credentials.

It is important to note that this vulnerability should not be confused with CVE-2019-12168, despite both vulnerabilities leveraging the same apply.cgi endpoint. Exploitation attempts originating from the IP address 178.215.238.91 have been observed, indicating active exploitation of the vulnerability in the wild.

Successful exploitation of this vulnerability could lead to the installation of malware, data theft, network disruption, and potential escalation into unauthenticated and remote OS command execution. To address this threat, VulnCheck recommends updating firmware, changing default credentials, and implementing Suricata rules for detection of exploitation attempts.
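
As an added illustration of the detection step (this is not VulnCheck's Suricata rule and not code from the original article), the sketch below flags requests to /apply.cgi whose adj_time_year value is anything other than a plain year. It assumes a legitimate value is one to four decimal digits and that request bodies are available from a proxy or network sensor; the record layout, the sample records and the /index.asp path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/apply.cgi"   # endpoint named in the advisory
PARAM = "adj_time_year"   # parameter named in the advisory
# Assumption: a legitimate year is 1-4 decimal digits and nothing else.
YEAR_OK = re.compile(r"\d{1,4}")


def suspicious_values(url, body=""):
    """Return adj_time_year values sent to /apply.cgi that are not a plain year."""
    parts = urlsplit(url)
    if not parts.path.endswith(ENDPOINT):
        return []
    # The parameter may arrive in the query string or in a form-encoded body;
    # parse_qsl percent-decodes both, so encoded metacharacters are exposed.
    pairs = parse_qsl(parts.query) + parse_qsl(body)
    return [v for k, v in pairs if k == PARAM and not YEAR_OK.fullmatch(v)]


def scan(records):
    """records: iterable of (src_ip, method, url, body). Returns a list of alerts."""
    alerts = []
    for src, method, url, body in records:
        for value in suspicious_values(url, body):
            alerts.append({"src": src, "method": method, "url": url, "value": value})
    return alerts


# Constructed sample records: documentation-range IPs, placeholder values only.
SAMPLE = [
    ("192.0.2.10", "POST", "/apply.cgi", "adj_time_year=2025"),
    ("198.51.100.7", "POST", "/apply.cgi", "adj_time_year=%24%28PLACEHOLDER%29"),
    ("198.51.100.7", "POST", "/apply.cgi", "adj_time_year=2025%3BPLACEHOLDER"),
    ("203.0.113.5", "GET", "/index.asp?adj_time_year=%3Bx", ""),  # other endpoint
]

if __name__ == "__main__":
    for a in scan(SAMPLE):
        print(f"ALERT {a['src']} {a['method']} {a['url']} {PARAM}={a['value']!r}")
```

Because the check is an allowlist on the expected value rather than a list of known bad strings, it does not depend on any particular payload shape.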

Furthermore, VulnCheck has responsibly disclosed the vulnerability to Four-Faith and urged users to contact the company directly for information on patches, affected models, and firmware versions. The discovery of this vulnerability underscores the need for enhanced security measures to protect routers and their users, especially in light of recent findings of critical vulnerabilities in other router models such as DrayTek Vigor routers.

The vulnerability in Four-Faith routers serves as a reminder of the security risks posed by default passwords and outdated firmware in routers, which make them easy targets for cybercriminals. With the increasing sophistication of cyber threats targeting network infrastructure, it is crucial for organizations and individuals to prioritize the security of their routers through regular updates, strong authentication mechanisms, and proactive monitoring for potential vulnerabilities.

In conclusion, the exploitation of CVE-2024-12856 highlights the importance of prioritizing router security and underscores the need for proactive measures to defend against evolving cyber threats targeting network devices. By taking prompt action to update firmware, change default credentials, and implement detection mechanisms, organizations can mitigate the risks posed by vulnerabilities in critical infrastructure components like industrial routers.
