A high-severity flaw impacting choose 4-Religion routers has come beneath lively exploitation within the wild, in accordance with new findings from VulnCheck.
The vulnerability, tracked as CVE-2024-12856 (CVSS rating: 7.2), has been described as an working system (OS) command injection bug affecting router fashions F3x24 and F3x36.
The severity of the shortcoming is decrease as a result of the truth that it solely works if the distant attacker is ready to efficiently authenticate themselves. Nonetheless, if the default credentials related to the routers haven’t been modified, it might lead to unauthenticated OS command execution.
Within the assault detailed by VulnCheck, the unknown risk actors have been discovered to leverage the router’s default credentials to set off exploitation of CVE-2024-12856 and launch a reverse shell for persistent distant entry.
The exploitation try originated from the IP handle 178.215.238[.]91, which has been beforehand utilized in reference to assaults searching for to weaponize CVE-2019-12168, one other distant code execution flaw affecting 4-Religion routers. In accordance with risk intelligence agency GreyNoise, efforts to take advantage of CVE-2019-12168 have been recorded as not too long ago as December 19, 2024.
“The assault could be performed in opposition to, at the least, the 4-Religion F3x24 and F3x36 over HTTP utilizing the /apply.cgi endpoint,” Jacob Baines mentioned in a report. “The methods are susceptible to OS command injection within the adj_time_year parameter when modifying the machine’s system time by way of submit_type=adjust_sys_time.”
Knowledge from Censys reveals that there are over 15,000 internet-facing units. There may be some proof suggesting that assaults exploiting the flaw might have been ongoing since at the least early November 2024.
There may be at present no details about the supply of patches, though VulnCheck acknowledged that it responsibly reported the flaw to the Chinese language firm on December 20, 2024. The Hacker Information has reached out to 4-Religion for remark previous to the publication of this story and can replace the piece if we hear again.
