CVE-2024-9643

CRITICAL EXPLOITED NUCLEI

Four-faith F3x36 Firmware - Authentication Bypass

Title source: rule

Description

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645.

Nuclei Templates (1)

Four-Faith F3x36 - Authentication Bypass

CRITICALVERIFIEDby trader642

Shodan: Four-Faith

FOFA: body="Four-Faith"

References (2)

[Not Applicable] https://talosintelligence.com/vulnerability_reports/TALOS-2023-1752

[Third Party Advisory] https://vulncheck.com/advisories/four-faith-hard-coded-creds

Scores

CVSS v3 9.8

EPSS 0.2072

EPSS Percentile 95.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2025-10-13

Classification

CWE

CWE-489 CWE-798

Status published

Affected Products (1)

four-faith/f3x36_firmware

Timeline

Published Feb 04, 2025

Tracked Since Feb 18, 2026