CVE-2024-9643

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-489
View all →

Vulnerability Description

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645.

Related Vulnerabilities

CVE-2019-10939

CRITICAL
CVSS:9.8(Critical)

A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE DNP3 (incl. SIPLUS N...

CWE-4892019

CVE-2023-0954

CRITICAL
CVSS:9.8(Critical)

A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack.

CWE-4892023

CVE-2023-22357

CRITICAL
CVSS:9.8(Critical)

Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. A remote unauthenticated attacke...

CWE-4892023

CVE-2023-32645

CRITICAL
CVSS:9.8(Critical)

A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker...

CWE-4892023

CVE-2023-34346

CRITICAL
CVSS:9.8(Critical)

A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker ...

CWE-4892023

CVE-2023-4804

CRITICAL
CVSS:9.8(Critical)

An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.

CWE-4892023