
Hackers Exploit Vulnerability In 15,000 Industrial Routers Worldwide

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Hackers are targeting a serious security flaw in Four-Faith industrial routers made in China.

In a Rush? Here are the Quick Facts!

  • The vulnerability allows attackers to gain unauthorized control over affected routers remotely.
  • Hackers use default credentials to execute reverse shells, putting around 15,000 internet-accessible devices at risk.
  • The vulnerability is linked to Mirai malware, which was responsible for over 33% of IoT malware attacks recently.

The issue, identified as CVE-2024-12856, affects the F3x24 and F3x36 models. It allows attackers to take control of the routers remotely by exploiting their default login credentials, putting thousands of devices at risk. Security researchers at VulnCheck reported the problem.

VulnCheck Chief Technology Officer Jacob Baines reported that his team detected the same user agent mentioned in a November blog post by DucklingStudio, in activity that attempted to exploit the vulnerability to deploy a different malware payload. Baines also shared a video demonstrating how the flaw can be exploited.

Gov Security Info explains that Four-Faith routers are commonly used in industries requiring remote monitoring and control. Typical customers include factories, manufacturing plants, industrial automation systems, power grids, renewable energy facilities, water utilities, and transportation companies.

These routers support real-time data transmission for tasks like fleet management and vehicle tracking. Researchers estimate that around 15,000 devices accessible online are vulnerable to the attack, based on a Censys report.

Exploitation allows attackers to execute a reverse shell, giving them unauthorized control of the routers. In a reverse shell attack, the attacker exploits a vulnerability to make the victim machine open a connection back to the attacker's server, which enables remote control, data theft, malware deployment, and access to secure networks through command-line instructions, as noted by CheckPoint.

Cyberscoop reports that exploitation of the vulnerability may be tied to a variant of Mirai, the notorious malware and botnet targeting Internet of Things (IoT) devices. Mirai, first detected in 2016 and originally developed by teenagers to create botnets, remains a dominant threat to IoT devices globally.

Zscaler data shows Mirai accounted for over a third of IoT malware attacks between June 2023 and May 2024, far surpassing other malware families. Additionally, more than 75% of blocked IoT transactions during this period were associated with Mirai’s malicious code, as reported by Cyberscoop.

According to Gov Security Info, Four-Faith was informed of the vulnerability on December 20 under VulnCheck’s responsible disclosure policy. Details about patches or firmware updates are currently unavailable.

Researchers recommend that users of affected router models change default credentials, restrict network exposure, and monitor device activity closely.


Apple TV+ Offers Free Access To All Users The First Weekend Of 2025

  • Written by Andrea Miliani Former Tech News Expert
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Apple TV+ has announced that it will offer free access to its library during the first weekend of 2025, from January 3 to 5.

In a Rush? Here are the Quick Facts!

  • Apple TV+ offers its streaming service for free from January 3 through January 5 across the globe.
  • Those interested in enjoying the service will only need an Apple ID to access the platform.
  • Users on social media have been sharing recommendations and suggestions to watch during the weekend.

People can access Apple TV from multiple devices where the platform is available—iPhones, iPads, Macs, smart TVs, gaming consoles, Windows PCs, and more.

This weekend, see for yourself. Stream for free Jan 4-5. pic.twitter.com/8p6PCUYpms — Apple TV (@AppleTV) December 30, 2024

Users on social media have been interacting with the posts shared by Apple TV+ and sharing recommendations and ideas for the weekend.

“I’m totally canceling my plans for that weekend! What are the top things I should watch?” wrote one user on X. “Everyone do yourselves a favor and watch Shrinking!” wrote another user.

Earlier this year, in June, Apple broadcast its annual Worldwide Developers Conference (WWDC), with major announcements including new shows and new seasons of its most popular shows on Apple TV+.