CVE-2024-9644 (GCVE-0-2024-9644)
Vulnerability from cvelistv5 – Published: 2025-02-04 14:58 – Updated: 2025-11-19 20:35Title
Four-Faith F3x36 bapply.cgi Auth Bypass
Summary
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an
authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote and unauthenticated can use this vulnerability to modify settings or chain with existing authenticated vulnerabilities.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://vulncheck.com/advisories/four-faith-hidden-api | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Four-Faith | F3x36 |
Affected:
2.0.0
(semver)
|
Credits
Shadowserver
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 78d844e0-444d-465e-b89c-821b3e187523
Exploited: Yes
Characteristics
Severity:
98.0
Timestamps
First Seen: 2025-02-09
Asserted: 2025-02-09
Last Seen: 2025-02-14
Scope
Asset Exposure: ['internet-facing']
Notes: Affected: Four-Faith / Four-Faith F3x36 | Class: router | Severity: Critical (CVSS 9.8) | IoT: yes | In CISA KEV: no | Honeypot connections on 2025-02-14: 53
Evidence
Type: Honeypot
Signal: In The Wild Attempts
Confidence: 70%
Source: shadowserver
Details
| 1D | 1 |
|---|---|
| Iot | yes |
| Feed | Shadowserver Foundation honeypot/exploited-vulnerabilities |
| Type | http-scan |
| Class | router |
| 7D Avg | 0 |
| Vendor | Four-Faith |
| 30D Avg | 0 |
| 90D Avg | 0 |
| Product | Four-Faith F3x36 |
| Cisa Kev | no |
| Connections | 53 |
| Observation Date | 2025-02-14 |
| Vulnerability Class | CVSS |
| Vulnerability Score | 9.8 |
| Vulnerability Severity | Critical |
References
Created: 2026-06-30 10:22 UTC
| Updated: 2026-06-30 12:07 UTC
KEVIntel
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 9870032e-0b84-4893-bf22-9ae95b5c80be
Exploited: Yes
Timestamps
First Seen: 2025-06-18
Asserted: 2025-06-18
Scope
Notes: KEVIntel entry: Four-Faith F3x36 bapply.cgi Auth Bypass | Affected: Four-Faith / F3x36 | CVSS: 9.8 (CRITICAL) | Used in malware: unknown | Not yet in CISA KEV: True
Evidence
Type: Public Report
Signal: Successful Exploitation
Confidence: 70%
Source: kevintel
Details
| Feed | KEVIntel (kevintel.com) |
|---|---|
| Title | Four-Faith F3x36 bapply.cgi Auth Bypass |
| Vendor | Four-Faith |
| Product | F3x36 |
| Added Date | 2025-06-18T00:00:00.000Z |
| Cvss Score | 9.8 |
| Epss Score | None |
| Cvss Severity | CRITICAL |
| Epss Percentile | None |
| Used In Malware | unknown |
| Ahead Of Cisa Kev | None |
| Not Yet In Cisa Kev | True |
References
Created: 2026-06-23 14:03 UTC
| Updated: 2026-07-10 06:14 UTC
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9644",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T15:48:55.611580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T15:49:20.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "F3x36",
"vendor": "Four-Faith",
"versions": [
{
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:four-faith:f3x36_firmware:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jacob Baines"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an \nauthentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the \"bapply.cgi\" endpoint instead of the normal \"apply.cgi\" endpoint. A remote and unauthenticated can use this vulnerability to modify settings or chain with existing authenticated vulnerabilities.\u003cbr\u003e"
}
],
"value": "The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an \nauthentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the \"bapply.cgi\" endpoint instead of the normal \"apply.cgi\" endpoint. A remote and unauthenticated can use this vulnerability to modify settings or chain with existing authenticated vulnerabilities."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489 Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T20:35:28.936Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/four-faith-hidden-api"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Four-Faith F3x36 bapply.cgi Auth Bypass",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-9644",
"datePublished": "2025-02-04T14:58:03.363Z",
"dateReserved": "2024-10-08T18:08:01.273Z",
"dateUpdated": "2025-11-19T20:35:28.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-9644",
"date": "2026-07-09",
"epss": "0.00644",
"percentile": "0.46497"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-9644\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2025-02-04T15:15:19.273\",\"lastModified\":\"2026-06-17T08:24:58.550\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an \\nauthentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the \\\"bapply.cgi\\\" endpoint instead of the normal \\\"apply.cgi\\\" endpoint. A remote and unauthenticated can use this vulnerability to modify settings or chain with existing authenticated vulnerabilities.\"},{\"lang\":\"es\",\"value\":\"Four-Faith F3x36 router que utiliza el firmware v2.0.0 es vulnerable a una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en el servidor web administrativo. La autenticaci\u00f3n no se aplica en algunas funciones administrativas cuando se utiliza \\\"bapply.cgi\\\" endpoint en lugar del \\\"apply.cgiendpointnt normal. Un usuario remoto y no autenticado puede utilizar esta vulnerabilidad para modificar la configuraci\u00f3n o encadenarla con vulnerabilidades autenticadas existentes.\"}],\"affected\":[{\"source\":\"disclosure@vulncheck.com\",\"affectedData\":[{\"vendor\":\"Four-Faith\",\"product\":\"F3x36\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"2.0.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-02-04T15:48:55.611580Z\",\"id\":\"CVE-2024-9644\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"},{\"lang\":\"en\",\"value\":\"CWE-489\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:four-faith:f3x36_firmware:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4465943D-58C8-41A3-BA22-6A83B5D3FDCC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:four-faith:f3x36:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FFCC6F9-6DE1-4415-B0C5-729190BD0562\"}]}]}],\"references\":[{\"url\":\"https://vulncheck.com/advisories/four-faith-hidden-api\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Third Party Advisory\"]}]}}",
"redhat_vex": {
"current_release_date": "2025-05-28T22:18:36+00:00",
"cve": "CVE-2024-9644",
"id": "CVE-2024-9644",
"initial_release_date": "2024-01-01T00:00:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "Four-Faith F3x36 bapply.cgi Auth Bypass",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9644.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-9644\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T15:48:55.611580Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T15:49:14.364Z\"}}], \"cna\": {\"title\": \"Four-Faith F3x36 bapply.cgi Auth Bypass\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Jacob Baines\"}], \"impacts\": [{\"capecId\": \"CAPEC-115\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-115 Authentication Bypass\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Four-Faith\", \"product\": \"F3x36\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://vulncheck.com/advisories/four-faith-hidden-api\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an \\nauthentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the \\\"bapply.cgi\\\" endpoint instead of the normal \\\"apply.cgi\\\" endpoint. A remote and unauthenticated can use this vulnerability to modify settings or chain with existing authenticated vulnerabilities.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an \\nauthentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the \\\"bapply.cgi\\\" endpoint instead of the normal \\\"apply.cgi\\\" endpoint. A remote and unauthenticated can use this vulnerability to modify settings or chain with existing authenticated vulnerabilities.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-489\", \"description\": \"CWE-489 Active Debug Code\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306 Missing Authentication for Critical Function\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2025-02-04T14:58:03.363Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-9644\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-04T15:49:20.305Z\", \"dateReserved\": \"2024-10-08T18:08:01.273Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2025-02-04T14:58:03.363Z\", \"assignerShortName\": \"VulnCheck\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…