CVE-2024-12856

Dec. 27, 2024, 6:15 p.m.

7.2
High

Description

The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this firmware version has default credentials which, if not changed, would effectively change this vulnerability into an unauthenticated and remote OS command execution issue.

Product(s) Impacted

Product Versions
Four-Faith router F3x24
  • ['2.0']
Four-Faith router F3x36
  • ['2.0']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References

https://ducklingstudio.blog.fc2.com/blog-entry-392.html
https://vulncheck.com/advisories/four-faith-time
https://vulncheck.com/blog/four-faith-cve-2024-12856
https://vulncheck.com/blog/four-faith-cve-2024-12856

Tags

CWE-78
disclosure@vulncheck.com
2024-12-27
CVE-2024-12856

CVSS Score

7.2 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: HIGH
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: Dec. 27, 2024, 4:15 p.m.
Last Modified: Dec. 27, 2024, 6:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

disclosure@vulncheck.com

Relations

Here is the list of observables linked to the vulnerability CVE-2024-12856 using threat intelligence.

  • Mirai
  • Gayfemboy
  • Gayfemboy

Linked Attack Reports

Gayfemboy: A Botnet Deliver Through a Four-Faith Industrial Router 0-day Exploit.

The Gayfemboy botnet, discovered in February 2024, has evolved from a simple Mirai derivative into a sophisticated large-scale botnet. It exploits a 0-day vulnerability in Four-Faith industrial routers and unknown vulnerabilities in other devices to spread. With over 15,000 daily active nodes acros…
ddos
botnet
CVE-2024-12856
four-faith
2025-01-08
0-day
gayfemboy
industrial-router
Published: January 8, 2025
Linked vulnerabilities : CVE-2024-8956 (CVSS 9.1), CVE-2024-8957 (CVSS 9.8), CVE-2024-12856 (CVSS 7.2), CVE-2013-7471
Downloadable IOCs: 56

RondoDox v2: Evolution of RondoDox Botnet with 650% More Exploits

The RondoDox botnet has undergone a significant evolution, expanding its capabilities and target range. This new variant, RondoDox v2, demonstrates a 650% increase in exploitation vectors, moving beyond niche DVR targeting to include enterprise applications. Key features include over 75 exploitatio…
obfuscation
exploit
persistence
ddos
iot
botnet
CVE-2015-2051
enterprise
CVE-2018-10561
CVE-2021-41773
CVE-2024-7029
CVE-2024-10914
CVE-2023-1389
CVE-2017-18368
CVE-2024-12856
CVE-2024-12847
CVE-2025-22905
CVE-2023-26801
CVE-2023-52163
CVE-2025-1829
CVE-2025-4008
CVE-2025-5504
CVE-2024-3721
CVE-2025-34037
rondodox
CVE-2022-44149
2025-11-10
CVE-2019-16920
CVE-2025-7414
CVE-2023-47565
CVE-2016-6277
CVE-2022-37129
CVE-2022-36553
CVE-2014-1635
CVE-2018-11714
CVE-2017-18369
CVE-2020-10987
multi-architecture
CVE-2021-42013
CVE-2023-25280
command-injection
CVE-2023-51833
CVE-2014-6271
CVE-2020-27867
CVE-2020-25506
Published: November 10, 2025
Linked vulnerabilities : CVE-2024-7029 (CVSS 8.8), CVE-2024-10914 (CVSS 8.1), CVE-2024-12856 (CVSS 7.2), CVE-2024-12847 (CVSS 9.8), CVE-2025-22905 (CVSS 9.8), CVE-2023-52163 (CVSS 5.9), CVE-2025-1829 (CVSS 6.3), CVE-2015-2051, CVE-2021-41773, CVE-2017-10271, CVE-2018-10561, CVE-2023-1389, CVE-2017-18368, CVE-2025-4008 (CVSS 9.4), CVE-2025-5504 (CVSS 5.3), CVE-2024-3721, CVE-2025-34037 (CVSS 10.0), CVE-2022-44149, CVE-2022-37129, CVE-2022-36553, CVE-2020-27867, CVE-2018-11714, CVE-2017-18369, CVE-2014-1635, CVE-2025-7414, CVE-2020-25506, CVE-2020-10987, CVE-2023-47565, CVE-2023-25280, CVE-2021-42013, CVE-2014-6271, CVE-2019-16920, CVE-2016-6277, CVE-2023-26801, CVE-2023-51833
Downloadable IOCs: 20

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.