A recent report from cybersecurity company VulnCheck has revealed a significant vulnerability (CVE-2024-12856) affecting thousands of Chinese Four-Faith routers. The flaw allows attackers to exploit default credentials in the F3x24 and F3x36 router models to remotely inject commands into the operating system. Malicious actors have already been observed leveraging this vulnerability to deploy Mirai malware, a notorious botnet targeting Internet of Things (IoT) devices.
VulnCheck indicated that at least 15,000 routers are potentially exposed to the vulnerability. The National Institute of Standards and Technology has assigned the CVE a severity rating of 7.2. Notably, while the vulnerability requires prior authentication, the presence of hardcoded default credentials makes unauthorized access possible. VulnCheck has reached out to Four-Faith regarding potential remediation; however, the question of a patch remains unaddressed. Ongoing investigations suggest that this vulnerability might affect additional router models from Four-Faith, given the company's tendency to share functionality across product lines. WaterISAC is sharing this report for member awareness. For more information, visit VulnCheck or Cyberscoop.