Critical Exploitation of Four-Faith Routers in Botnet Campaign

Severity: High (Score: 69.9)

Sources: www.vulncheck.com, www.crowdsec.net, Cybersecuritynews, talosintelligence.com, Industrialcyber.Co

Published: 2026-05-19 · Updated: 2026-05-20

Keywords: hackers, four, actively, exploiting, four-faith, industrial, routers

Summary

Four-Faith industrial cellular routers are under active attack due to a critical authentication bypass vulnerability, CVE-2024-9643, published on February 4, 2025. Security researchers report a significant increase in exploitation attempts, indicating a shift from probing to large-scale hijacking of these devices for botnet creation. The vulnerability primarily affects Four-Faith F3x36 industrial routers, which are being rapidly weaponized by attackers. This campaign poses a serious risk to industrial infrastructure, as compromised routers can be repurposed for malicious activities. The ongoing exploitation highlights the urgent need for organizations using these devices to implement security measures and monitor for suspicious activity.

Key Points:

  • Four-Faith industrial routers are targeted due to CVE-2024-9643, a critical flaw.
  • Exploitation attempts have surged, indicating a transition to large-scale botnet operations.
  • Organizations using affected routers must take immediate action to mitigate risks.

Detailed Analysis

**Impact** Four-Faith F3x36 industrial cellular routers are affected by the exploitation of CVE-2024-9643, an authentication bypass vulnerability. The attack targets industrial sectors using these routers, potentially compromising operational technology environments. The hijacked devices are repurposed into large-scale botnet infrastructures, increasing risks of distributed denial-of-service (DDoS) attacks and other malicious activities. Specific geographic or numeric impact data is not provided.

**Technical Details** The attack exploits CVE-2024-9643, a critical authentication bypass flaw in Four-Faith F3x36 industrial cellular routers. Attackers gain unauthorized access to exposed devices and integrate them into botnets. The campaign has shifted from initial probing to active exploitation and large-scale abuse. No specific malware names, tools, or IOCs are mentioned in the sources.

**Recommended Response** Apply available patches or firmware updates addressing CVE-2024-9643 on Four-Faith F3x36 routers immediately. Harden device configurations by restricting remote access and monitoring for unusual authentication attempts. Deploy network detection rules to identify exploitation attempts targeting this vulnerability. In the absence of detailed IOCs, maintain heightened monitoring of Four-Faith router traffic and authentication logs.

Source articles (6)

  • Hackers Hijacking Four — Cybersecuritynews · 2026-05-19
    Hackers are actively exploiting Four-Faith industrial routers to build botnets, leveraging a critical vulnerability identified as CVE-2024-9643. Security researchers from CrowdSec report a sharp rise…
  • Cisco Talos — talosintelligence.com · 2026-05-20
    A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker…
  • Four Faith Hard Coded Creds — www.vulncheck.com · 2026-05-20
  • Four — Gbhackers · 2026-05-19
    Four-Faith industrial cellular routers are being actively targeted in a growing botnet campaign exploiting a critical authentication bypass flaw tracked as CVE-2024-9643. Security researchers warn tha…
  • Cve 2024 9643 Four Faith Router Authentication Bypass — www.crowdsec.net · 2026-05-20
    The CrowdSec Network has detected a wave of exploitation attempts targeting CVE-2024-9643, a critical authentication bypass flaw in Four-Faith F3x36 industrial routers. The Four-Faith F3x36 is an indu…
  • CrowdSec flags rising exploitation of Four — Industrialcyber.Co · 2026-05-20
    Threat actors are actively exploiting a critical authentication bypass flaw in Four-Faith F3x36 industrial cellular routers, with security researchers warning that the attacks have escalated into larg…

Timeline

  • 2025-02-04 — CVE-2024-9643 published: A critical authentication bypass vulnerability affecting Four-Faith F3x36 routers was disclosed.
  • Recent — Surge in exploitation attempts: Security researchers reported a sharp rise in attempts to exploit CVE-2024-9643, indicating a growing threat.

CVEs

  • CVE-2024-9643

Related entities

  • Botnet (Attack Type)
  • CWE-287 - Improper Authentication (CWE)
  • Four-Faith F3x36 (Platform)