CVE-2024-9643

Critical

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the…

VulnCheck·CWE-489·Published 2025-02-04

CVSS

9.8

EPSS

0.03

KEV

Exploits

cve.orgen

302 chars

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645.

NVDen

302 chars

NVDes

356 chars

Four-Faith F3x36 router que utiliza el firmware v2.0.0 es vulnerable a la omisión de autenticación debido a credenciales codificadas de forma rígida en el servidor web administrativo. Un atacante con conocimiento de las credenciales puede obtener acceso administrativo a través de solicitudes HTTP manipulado. Este problema parece similar a CVE-2023-32645.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H