- Description
- The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote, unauthenticated attacker can use this vulnerability to modify settings or chain it with existing authenticated vulnerabilities.
- Source
- disclosure@vulncheck.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- disclosure@vulncheck.com
- CWE-306
- Hype score
- Not currently trending
CVE-2024-9643 & CVE-2024-9644: Authentication Bypass in Four-Faith F3x36 Routers Puts Networks at Risk Critical vulnerabilities in Four-Faith F3x36 routers running v2.0.0 firmware. Learn about CVE-2024-9643 and CVE-2024-9644 and their severity. https://t.co/dxdW5aRheZ
@the_yellow_fall
7 Feb 2025
CVE-2024-9644 The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enfor… https://t.co/LuEq262IdH
@CVEnew
4 Feb 2025
[CVE-2024-9644: CRITICAL] Firmware v2.0.0 of Four-Faith F3x36 router has an authentication bypass issue in its web server. Exploiting "bapply.cgi" allows remote attackers to alter settings without authentication. #cybersecurity, #vulnerability https://t.co/x1STLWIRoG https://t.co/m
@CveFindCom
4 Feb 2025