CVE-2024-9643

Published Feb 4, 2025

Last updated 8 months ago

CVSS critical 9.8
Network

Overview

Description
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645.
Source
disclosure@vulncheck.com
NVD status
Analyzed
Products
f3x36_firmware

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

disclosure@vulncheck.com
CWE-489
nvd@nist.gov
CWE-798

Social media

Hype score
Not currently trending

  1. Exposed edge devices remain a top target for attackers. The mass exploitation of CVE-2024-9643 in Four-Faith F3x36 routers is a reminder that authentication bypass flaws can quickly turn vulnerable routers into botnet nodes, proxy infrastructure, or entry points into business

    @VistemSolutions

    20 May 2026

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Mass Exploitation Alert: Hardcoded Credentials in Four-Faith Industrial Routers (CVE-2024-9643) Hijacked for Botnets - https://t.co/VOvzv0HOA6

    @moton

    19 May 2026

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Warning: #CrowdSec Network observed massive exploitation of CVE-2024-9643, a Critical Authentication Bypass in #Four-Faith F3x36 router. https://t.co/xqwbXmRha0 #Patch #Patch #Patch if you haven't already!

    @CCBalert

    19 May 2026

    161 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Four-Faith製産業用ルーター「F3x36」が、重大脆弱性CVE-2024-9643を悪用した大規模ボットネット攻撃に晒されている。認証不要で管理者権限を奪取でき、侵害された機器はプロキシや攻撃中継基盤へ転用されている

    @yousukezan

    19 May 2026

    1360 Impressions

    1 Retweet

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CrowdSec warns CVE-2024-9643 in Four-Faith routers has hit mass exploitation phase. Attackers abuse hardcoded logins to build botnets. Patch now! #FourFaith #IoT #BotnetAlert #CyberSecurity #InfoSec #VulnerabilityAlert #CVE #MassExploitation https://t.co/Ltg1aocH9n https://t.co/

    @the_yellow_fall

    19 May 2026

    231 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 In this week’s newsletter, we cover CVE-2024-9643, a Four-Faith router authentication bypass now moving into mass exploitation. We break down how attackers are turning exposed industrial routers into botnet infrastructure and what defenders should do next. Read the full

    @Crowd_Security

    18 May 2026

    125 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 CVE-2024-9643 - critical 🚨 Four-Faith F3x36 - Authentication Bypass > Four-Faith F3x36 router with firmware v2.0.0 contains an authentication bypass caused... 👾 https://t.co/UV0BfXl1Nv @pdnuclei #NucleiTemplates #cve

    @pdnuclei_bot

    17 Feb 2026

    145 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. #Vulnerability #CVE202412856 CVE-2024-9643 & CVE-2024-9644: Authentication Bypass in Four-Faith F3x36 Routers Puts Networks at Risk https://t.co/0NqbhSMOrS

    @Komodosec

    10 Mar 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CVE-2024-9643 & CVE-2024-9644: Authentication Bypass in Four-Faith F3x36 Routers Puts Networks at Risk Critical vulnerabilities in Four-Faith F3x36 routers running v2.0.0 firmware. Learn about CVE-2024-9643 and CVE-2024-9644 and their severity. https://t.co/dxdW5aRheZ

    @the_yellow_fall

    7 Feb 2025

    221 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2024-9643 The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker wit… https://t.co/YOcIDzwgMv

    @CVEnew

    4 Feb 2025

    426 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. [CVE-2024-9643: CRITICAL] Vulnerability alert: Four-Faith F3x36 router firmware v2.0.0 has hard-coded credentials, allowing unauthorized access. Stay vigilant against cyber threats. #CyberSecurity#cybersecurity,#vulnerability https://t.co/ozfaQ5Jpua https://t.co/VBIec3j1v5

    @CveFindCom

    4 Feb 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. In single-node ISE deployments, successful exploitation of this vulnerability could cause the affected ISE node to become unavailable, resulting in a denial of service (DoS) condition. In that condition, endpoints that have not already authenticated would be unable to access the network until the node is restored.CVE-2026-20147
  2. Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.CVE-2026-33827
  3. Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.CVE-2026-33824
  4. Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process which leads to sensitive data leakage to an attacker. RSA_public_encrypt() returns the number of bytes written on success and -1 on error. The affected code tests only whether the return value is non-zero. As a result, if RSA encryption fails, encapsulation can still return success to the caller, set the output lengths, and leave the caller to use the contents of the ciphertext buffer as if a valid KEM ciphertext had been produced. If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an attacker-supplied invalid RSA public key without first validating that key, then this may cause stale or uninitialized contents of the caller-provided ciphertext buffer to be disclosed to the attacker in place of the KEM ciphertext. As a workaround calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate the issue. The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.CVE-2026-31790
  5. Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyTransportRecipientInfo with RSA-OAEP encryption is processed, the optional parameters field of RSA-OAEP SourceFunc algorithm identifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.CVE-2026-28390

References

Sources include official advisories and independent security research.