What is CVE-2024-9644?

CVE-2024-9644 is a critical-severity vulnerability in Four-faith F3x36, classified under Active Debug Code. CVSS score: 9.8/10. Published 2025-02-04.

How severe is CVE-2024-9644?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Auth bypass in Four-faith F3x36

CVE-2024-9644

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" en…

EPSS: 0.000 (7.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Four-faith F3x36 — versions 2.0.0

Weakness classification (CWE)

CWE-489 — Active Debug Code
CWE-306 — Missing Authentication for Critical Function

References

vulncheck.com/advisories/four-faith-hidden-api (third-party-advisory)

Frequently asked questions

What is CVE-2024-9644?: CVE-2024-9644 is a critical-severity vulnerability in Four-faith F3x36, classified under Active Debug Code. CVSS score: 9.8/10. Published 2025-02-04.
How severe is CVE-2024-9644?: Critical severity. CVSS v3 base score is 9.8 out of 10.