Browse all 8 CVE security advisories affecting Four-Faith. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Four-Faith specializes in industrial IoT and communication solutions, primarily serving SCADA systems and smart grid infrastructure. Historically, their products have been vulnerable to multiple remote code execution flaws, cross-site scripting, and privilege escalation vulnerabilities, often stemming from hardcoded credentials and insufficient input validation. The company has addressed eight CVEs to date, with several critical issues allowing unauthorized access to device management interfaces. While no major public security incidents have been documented, the pattern of vulnerabilities suggests potential risks in operational technology environments where their devices are deployed, emphasizing the need for rigorous patch management in critical infrastructure deployments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-9644 | Four-Faith F3x36 bapply.cgi Auth Bypass — F3x36CWE-489 | 9.8 | Critical | 2025-02-04 |
| CVE-2024-9643 | Four-Faith F3x36 Hidden Debug Credentials — F3x36CWE-489 | 9.8 | Critical | 2025-02-04 |
This page lists every published CVE security advisory associated with Four-Faith. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.