GCVE - cpe:2.3:o:four-faith:f3x36_firmware:2.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:four-faith:f3x36_firmware:2.0:*:*:*:*:*:*:*

part: o version: 2.0 update: *

Vendor	Four Faith (`a2c9dbf9-7af1-5590-9fbc-8535bf3ec62d`)
Product	F3X36 Firmware (`fb9de0c0-d7ef-5369-b7a0-3c4832f03849`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-9644`	vulnerable	2026-06-08 07:00:28.381118	Four-Faith F3x36 bapply.cgi Auth Bypass CRITICAL (9.8) The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote and unauthenticated can use this vulnerability to modify settings or chain with existing authenticated vulnerabilities. Published: 2025-02-04T14:58:03.363Z Updated: 2025-11-19T20:35:28.936Z Open on db.gcve.eu Reference links https://vulncheck.com/advisories/four-faith-hidden-api	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-9643`	vulnerable	2026-06-08 07:00:28.378208	Four-Faith F3x36 Hidden Debug Credentials CRITICAL (9.8) The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645. Published: 2025-02-04T14:47:40.214Z Updated: 2025-11-22T01:43:40.757Z Open on db.gcve.eu Reference links https://vulncheck.com/advisories/four-faith-hard-coded-creds https://talosintelligence.com/vulnerability_reports/TALOS-2023-1752	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-12856`	vulnerable	2026-06-08 06:25:36.230382	Four-Faith Industrial Router adjust_sys_time OS Command Injection HIGH (7.2) The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this firmware version has default credentials which, if not changed, would effectively change this vulnerability into an unauthenticated and remote OS command execution issue. Published: 2024-12-27T16:03:04.567Z Updated: 2025-11-22T12:22:39.876Z Open on db.gcve.eu Reference links https://vulncheck.com/blog/four-faith-cve-2024-12856 https://vulncheck.com/advisories/four-faith-time https://ducklingstudio.blog.fc2.com/blog-entry-392.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.