CVE-2019-12168
published 2019-05-17

CVE-2019-12168: Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen.

Priority: P277 high
CVSS 3.0: 7.2
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 4.96% (91.1th percentile)

Affected

1 ranges
Vendor      Product          Version range   Fixed in
four-faith  f3x24_firmware

Detection & IOCs (extracted from sources)

url: /apply.cgi
  • Monitor for HTTP POST requests to the '/apply.cgi' endpoint on Four-Faith routers targeting the 'ping_ip' parameter, which is the injection vector for CVE-2019-12168.
  • CVE-2019-12168 exploitation is conducted via the Command Shell screen (Administration > Commands) on Four-Faith F3x24 v1.0 devices, enabling remote code execution.
  • Exploitation patterns for CVE-2019-12168 are similar to CVE-2024-12856 attacks; correlate detections of crafted POST requests to apply.cgi across both CVEs.
  • Many Four-Faith F3x24/F3x36 devices are deployed with default credentials, making them trivially accessible to attackers prior to exploitation.
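
One way to implement the monitoring described in the bullets above, as an added example that is not part of the original entry or any vendor tooling. The event field names, the verdict labels and the assumption that the request body is form-urlencoded are illustrative; the sample events are constructed.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Allowlist for a legitimate ping target: an IP literal or a plain hostname.
# Anything else in ping_ip is treated as suspicious (assumption, not vendor spec).
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

def is_plain_target(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return HOSTNAME_RE.fullmatch(value) is not None

def classify(method, url, body):
    """Return None (ignore), 'review' (plain ping_ip) or 'alert' (unexpected content)."""
    if method.upper() != "POST" or urlsplit(url).path != "/apply.cgi":
        return None
    params = parse_qs(body, keep_blank_values=True)  # also percent-decodes values
    if "ping_ip" not in params:
        return None
    if all(is_plain_target(v) for v in params["ping_ip"]):
        # Still worth a look: default credentials make any admin POST notable.
        return "review"
    return "alert"

def scan(events):
    """Yield (source, verdict) for every event that touches ping_ip on /apply.cgi."""
    hits = []
    for ev in events:
        verdict = classify(ev["method"], ev["url"], ev["body"])
        if verdict:
            hits.append((ev["src"], verdict))
    return hits

# Constructed sample events (documentation address ranges, placeholder values).
SAMPLE_EVENTS = [
    {"src": "198.51.100.7", "method": "POST", "url": "/apply.cgi",
     "body": "action=constructed&ping_ip=192.0.2.10"},
    {"src": "203.0.113.45", "method": "POST", "url": "/apply.cgi",
     "body": "ping_ip=192.0.2.10%3BCONSTRUCTED_PLACEHOLDER"},
    {"src": "198.51.100.7", "method": "GET", "url": "/index.asp", "body": ""},
    {"src": "198.51.100.9", "method": "POST", "url": "/apply.cgi",
     "body": "action=constructed"},
]

if __name__ == "__main__":
    for src, verdict in scan(SAMPLE_EVENTS):
        print(src, verdict)
```

Because the same check keys on POSTs to apply.cgi, its hits can be correlated with CVE-2024-12856 detections as the third bullet suggests.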

CVSS provenance

nvd        v3.0  7.2  HIGH      CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd        v2.0  9.0  CRITICAL  AV:N/AC:L/Au:S/C:C/I:C/A:C
vulncheck        7.2  HIGH