PT-2025-3731 · Four Faith · Four-Faith F3X36 Router
Francesco Benvenuto
+1
·
Published
2025-02-04
·
Updated
2026-05-20
·
CVE-2024-9643
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Four-Faith F3x36 router version 2.0.0
Description
The issue is related to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests.
Recommendations
For Four-Faith F3x36 router version 2.0.0, consider changing the hard-coded credentials in the administrative web server to prevent unauthorized access. As a temporary workaround, restrict access to the administrative web server until a patch is available.
Exploit
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Four-Faith F3X36 Router