A high-severity OS command injection vulnerability, CVE-2024-12856 (CVSS 7.2), affecting Four-Faith industrial router models F3x24 and F3x36, is being actively exploited, according to VulnCheck. While exploitation requires authentication, attackers are leveraging default credentials to gain unauthorized access and execute commands, enabling reverse shells for persistent control. Exploitation attempts, linked to IP 178.215.238[.]91 and previously used for CVE-2019-12168 attacks, target the /apply.cgi endpoint's adj_time_year parameter. Over 15,000 internet-facing devices are vulnerable, with evidence suggesting attacks have been ongoing since November 2024. No patches are available yet, and the flaw has been reported to Four-Faith for remediation.

‍