CVE-2024-9644

EPSS 0.08%
Veröffentlicht 04.02.2025 15:15:19
Zuletzt bearbeitet 19.09.2025 19:12:31
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an 
authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote and unauthenticated can use this vulnerability to modify settings or chain with existing authenticated vulnerabilities.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Four-faith ≫ F3x36 Firmware Version2.0

Four-faith ≫ F3x36 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.248

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

CWE-489 Active Debug Code

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

https://vulncheck.com/advisories/four-faith-hidden-api

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-9644

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-9644

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-9644

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-9644