WARNING: 2 CRITICAL VULNERABILITIES IN FOUR-FAITH F3X36 ROUTER USING FIRMWARE V2.0.0

Published : 12/02/2025

Reference:
Advisory #2025-29

Version:
1.0

Affected software:
Four-Faith F3x36 router using firmware v2.0.0

Type:
Authentication bypass, Remote code execution

CVE/CVSS:

CVE-2024-9643: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2024-9644: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Risks

On February 4, 2025, NIST's National Vulnerability Database (NVD) listed two critical flaws in the Four-Faith F3x36 router (firmware v2.0.0). 
 
Four-Faith routers are industrial-grade routers and a lucrative target for botnets. In December 2024, Chainxin X Lab observed a Mirai-based botnet exploiting zero-day flaws in these devices. CVE-2024-9643 and CVE-2024-9644 will likely be weaponized soon, raising the risk of large-scale attacks. Immediate patching is critical.
 
Successful exploitation of CVE-2024-9643 and/or CVE-2024-9644 could severely impact the affected systems' confidentiality, integrity, and availability.

Description

CVE-2024-9643 originates from hard-coded credentials in the web server, allowing a remote attacker to bypass authentication with a crafted HTTP request. If successful, the attacker gains complete administrative control over the router.
 
CVE-2024-9644 is an authentication bypass vulnerability in the "bapply.cgi" endpoint, which lacks proper access controls. It allows a remote attacker to change router settings without authenticating, or to chain it with other vulnerabilities that normally require authentication in order to stage a more severe attack.

Recommended Actions

Patch
 
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
 
Monitor/Detect
 
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/cert/report-incident. 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
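One concrete way to act on the monitoring recommendation above, given that the advisory identifies "bapply.cgi" as an endpoint reachable without access control, is to review the management interface's web access logs for requests to that endpoint. The script below is an added example written for this advisory and is not CCB or Four-Faith code. It assumes the router (or a proxy/WAF in front of it) writes combined-format access logs, assumes a login endpoint named "login.cgi" and a management allowlist of 10.0.0.0/8 (both are assumptions, not values from the advisory), and runs over a few constructed sample lines. It flags any request to bapply.cgi that comes from outside the allowlist or that is not preceded by a login from the same source.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: logs are in Apache/nginx "combined"-style format. The regex only
# extracts the fields needed here (source IP, timestamp, method, path, status).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Endpoint named in the advisory as lacking access control (CVE-2024-9644).
SENSITIVE_ENDPOINTS = {"bapply.cgi"}

# Assumption: the name of the login endpoint; adjust to the device's actual UI.
LOGIN_ENDPOINTS = {"login.cgi"}

# Assumption: management access is only expected from these networks.
MGMT_ALLOWLIST = [ip_network("10.0.0.0/8")]

# Constructed sample log: one legitimate admin session, then two sources that
# hit bapply.cgi directly without ever logging in.
SAMPLE_LOG = """\
10.0.5.12 - - [11/Feb/2025:08:01:10 +0100] "POST /login.cgi HTTP/1.1" 302 0
10.0.5.12 - - [11/Feb/2025:08:01:14 +0100] "POST /bapply.cgi HTTP/1.1" 200 512
203.0.113.77 - - [11/Feb/2025:08:02:03 +0100] "POST /bapply.cgi HTTP/1.1" 200 498
203.0.113.77 - - [11/Feb/2025:08:02:04 +0100] "GET /status.cgi HTTP/1.1" 200 1024
198.51.100.9 - - [11/Feb/2025:08:03:41 +0100] "POST /bapply.cgi?x=1 HTTP/1.1" 200 510
"""


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Strip the query string and directory part, leaving just the script name.
    rec["script"] = rec["path"].split("?", 1)[0].rsplit("/", 1)[-1]
    return rec


def is_allowlisted(ip):
    """True if the source address falls inside an expected management network."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in MGMT_ALLOWLIST)


def find_suspicious(log_text):
    """Scan log text and return (findings, hits_per_source).

    A finding is produced for every request to a sensitive endpoint that is
    either from outside the allowlist or not preceded by a login from that
    source earlier in the log. hits_per_source counts all sensitive-endpoint
    requests per IP so that bursts stand out even from allowlisted sources.
    """
    findings = []
    hits_per_source = defaultdict(int)
    logged_in = set()

    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["script"] in LOGIN_ENDPOINTS and rec["status"] in (200, 302):
            logged_in.add(rec["ip"])
            continue
        if rec["script"] not in SENSITIVE_ENDPOINTS:
            continue

        hits_per_source[rec["ip"]] += 1
        reasons = []
        if not is_allowlisted(rec["ip"]):
            reasons.append("outside_allowlist")
        if rec["ip"] not in logged_in:
            reasons.append("no_prior_login")
        if reasons:
            findings.append({"ip": rec["ip"], "ts": rec["ts"],
                             "path": rec["path"], "reasons": reasons})

    return findings, dict(hits_per_source)


if __name__ == "__main__":
    found, counts = find_suspicious(SAMPLE_LOG)
    for f in found:
        print(f"{f['ts']} {f['ip']} {f['path']} -> {', '.join(f['reasons'])}")
    print("sensitive-endpoint hits per source:", counts)
```

On the sample data the legitimate session from 10.0.5.12 produces no finding, while the two external sources each produce one finding carrying both reasons. In practice the allowlist and login endpoint name need to match the deployment, and a hit on bapply.cgi that shows "no_prior_login" from an otherwise trusted address still deserves a look, since the endpoint requires no authentication at all on the affected firmware.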

References

https://vulncheck.com/advisories/four-faith-hidden-api