Four-Faith Communication Technology Co., Ltd.. Company CyberSecurity Posture
fourfaith.com
Four-Faith is a professional provider who specializing in the design, manufacture, marketing of the advanced wireless data transmission terminals, and providing the innovative, customized wireless data terminals, excellent service and solutions for our customers both at home and abroad. We have an enthusiastic team and rich R&D experience, focusing on cellular modem, cellular IP codem, cellular router and 3G Gateway, and we have launched many products to meet our customers'need. Our prouducts as well as solutions cover multiple wireless cellular network worldwide, such as WCDMA/HSUPA/HSDPA, TD-SCDMA, CDMA2000 1X EVDO, CDMA2000 1X, EDGE, GPRS and GSM. Following our company motto, "Honesty, Trust, Confidence and Belief", we strive for establishing long-term and mutual trust cooperation relationship with our suppliers, competitors, mobile operator and dealers, etc. In order to ensure that all requirement from our clients would receive our prompt and considerate attention, we have set up branches in Beijing, Wuhan and Shanghai at home, meanwhile, we have authorized more and more dealers and distributors for local market worldwide, and we are still expanding our networking of global distribution to meet more and more our clients'need.
Company Details
xiamen-four-faith-communication-technology-co-ltd
35
825
517
fourfaith.com
0
FOU_3189938
In-progress
FCTCL Risk Score (AI oriented)Between 700 and 749
FCTCL Global Score (TPRM)XXXX
Description: The Gayfemboy botnet has been aggressively exploiting a vulnerability, designated CVE-2024-12856, in Four-Faith industrial routers, as well as other devices like Neterbit routers and Vimar smart home devices. This botnet has facilitated widespread DDoS attacks that peaked in October and November. The concentration of botnet activity has resulted in substantial disruptions across various regions, with a significant portion of the infected nodes localized in China, the United States, Iran, Russia, and Turkey. The attacks, which leveraged several N-day and 0-day vulnerabilities, have not only impaired services but also raised concerns about the long-term security implications for affected devices and networks.
Description: The Gayfemboy botnet capitalizing on a zero-day vulnerability, CVE-2024-12856, has led to Distributed Denial of Service (DDoS) attacks against Four-Faith industrial routers. This exploitation potentially incapacitates critical network resources, causing service interruptions and impairing business operations. The botnet's activity, primarily in major industrial regions including China and the United States, signifies a notable security breach with substantial implications for the infected devices' operability and the broader network reliability.
Description: The Gayfemboy botnet has been exploiting a vulnerability in Four-Faith industrial routers since November 2024 to launch DDoS attacks. This botnet variant, using the Mirai codebase, has integrated N-day and 0-day exploits and has been attacking with over 15,000 daily active nodes. The attacks have targeted various global entities including the U.S and China and have resulted in blackholing traffic and disabling services due to the overwhelming network resources consumed by DDoS. The botnet targets several vulnerabilities across different devices and has disrupted not only Four-Faith routers but also affected other devices like Neterbit routers and Vimar smart home devices. The severity of this attack is predominantly on network resources, causing significant disruption.
No incidents recorded for Four-Faith Communication Technology Co., Ltd.. in 2025.
No incidents recorded for Four-Faith Communication Technology Co., Ltd.. in 2025.
No incidents recorded for Four-Faith Communication Technology Co., Ltd.. in 2025.
FCTCL cyber incidents detection timeline including parent company and subsidiaries
Four-Faith is a professional provider who specializing in the design, manufacture, marketing of the advanced wireless data transmission terminals, and providing the innovative, customized wireless data terminals, excellent service and solutions for our customers both at home and abroad. We have an enthusiastic team and rich R&D experience, focusing on cellular modem, cellular IP codem, cellular router and 3G Gateway, and we have launched many products to meet our customers'need. Our prouducts as well as solutions cover multiple wireless cellular network worldwide, such as WCDMA/HSUPA/HSDPA, TD-SCDMA, CDMA2000 1X EVDO, CDMA2000 1X, EDGE, GPRS and GSM. Following our company motto, "Honesty, Trust, Confidence and Belief", we strive for establishing long-term and mutual trust cooperation relationship with our suppliers, competitors, mobile operator and dealers, etc. In order to ensure that all requirement from our clients would receive our prompt and considerate attention, we have set up branches in Beijing, Wuhan and Shanghai at home, meanwhile, we have authorized more and more dealers and distributors for local market worldwide, and we are still expanding our networking of global distribution to meet more and more our clients'need.
Zain Group is a leading provider of innovative ICT technologies & digital lifestyle communications operating in 8 markets across the Middle East & Africa, serving 50.9 million active customers as of 30 June 2025. Zain provides mobile voice, data and B2B services in: Kuwait, Bahrain, Iraq, Jordan, Sa
We’re one of the world’s leading communications services companies. At BT Group, the solutions we sell are integral to modern life. Our purpose is as simple as it is ambitious: we connect for good. There are no limits to what people can do when they connect. And as technology changes our world, co
AXIATA GROUP BERHAD 242188-H (199201010685) In pursuit of its vision to be The Next Generation Digital Champion, Axiata is a diversified telecommunications and digital conglomerate operating Digital Telcos, Digital Businesses and Infrastructure businesses across a footprint spanning ASEAN and Sout
We understand that our customers want an easier, less complicated life. We’re using our network, labs, products, services, and people to create a world where everything works together seamlessly, and life is better as a result. How will we continue to drive for this excellence in innovation?
Founded in 2004, OPPO is one of the world's leading innovators of smart devices. With operations in over 60 countries and regions, OPPO's more than 290,000 points of sales and 1,900 official service centers share the beauty of technology with users all over the world. To forward our vision of a bett
Vivo (Telefônica Brasil) is part of the Telefónica Group and with more than 94 million customers, of which 75 million mobile and 19 million fixed, we are the largest telecommunications company in Brazil, with nationwide presence and a complete, convergent portfolio of products, combining fixed, mobi
Connecting Nation. Accelerating Indonesia's Future. As Indonesia's leading digital telecommunications company, Telkomsel is committed to building a connected, competitive, and future-ready society. For over 29 years, we've empowered individuals, homes, and businesses with innovative connectivity an
T-Mobile US, Inc. (NASDAQ: TMUS) is America’s supercharged Un-carrier, delivering an advanced 4G LTE and transformative nationwide 5G network that will offer reliable connectivity for all. T-Mobile’s customers benefit from its unmatched combination of value and quality, unwavering obsession with off
We believe it’s people who give purpose to our technology. So we’re committed to staying close to our customers and providing them the best experience. And delivering the best tech. On the best network. Because our purpose is to build a connected future so everyone can thrive. We build techno
.png)
Router Threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open...
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Four-Faith Communication Technology Co., Ltd.. is https://en.four-faith.com.
According to Rankiteo, Four-Faith Communication Technology Co., Ltd..’s AI-generated cybersecurity score is 735, reflecting their Moderate security posture.
According to Rankiteo, Four-Faith Communication Technology Co., Ltd.. currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Four-Faith Communication Technology Co., Ltd.. is not certified under SOC 2 Type 1.
According to Rankiteo, Four-Faith Communication Technology Co., Ltd.. does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Four-Faith Communication Technology Co., Ltd.. is not listed as GDPR compliant.
According to Rankiteo, Four-Faith Communication Technology Co., Ltd.. does not currently maintain PCI DSS compliance.
According to Rankiteo, Four-Faith Communication Technology Co., Ltd.. is not compliant with HIPAA regulations.
According to Rankiteo,Four-Faith Communication Technology Co., Ltd.. is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Four-Faith Communication Technology Co., Ltd.. operates primarily in the Telecommunications industry.
Four-Faith Communication Technology Co., Ltd.. employs approximately 35 people worldwide.
Four-Faith Communication Technology Co., Ltd.. presently has no subsidiaries across any sectors.
Four-Faith Communication Technology Co., Ltd..’s official LinkedIn profile has approximately 825 followers.
Four-Faith Communication Technology Co., Ltd.. is classified under the NAICS code 517, which corresponds to Telecommunications.
No, Four-Faith Communication Technology Co., Ltd.. does not have a profile on Crunchbase.
Yes, Four-Faith Communication Technology Co., Ltd.. maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/xiamen-four-faith-communication-technology-co-ltd.
As of December 03, 2025, Rankiteo reports that Four-Faith Communication Technology Co., Ltd.. has experienced 3 cybersecurity incidents.
Four-Faith Communication Technology Co., Ltd.. has an estimated 9,589 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Cyber Attack.
Title: Gayfemboy Botnet Exploiting CVE-2024-12856 for DDoS Attacks on Four-Faith Industrial Routers
Description: The Gayfemboy botnet capitalizing on a zero-day vulnerability, CVE-2024-12856, has led to Distributed Denial of Service (DDoS) attacks against Four-Faith industrial routers. This exploitation potentially incapacitates critical network resources, causing service interruptions and impairing business operations. The botnet's activity, primarily in major industrial regions including China and the United States, signifies a notable security breach with substantial implications for the infected devices' operability and the broader network reliability.
Type: DDoS Attack
Attack Vector: Zero-day vulnerability (CVE-2024-12856)
Vulnerability Exploited: CVE-2024-12856
Threat Actor: Gayfemboy botnet
Title: Gayfemboy Botnet Exploiting CVE-2024-12856
Description: The Gayfemboy botnet has been aggressively exploiting a vulnerability, designated CVE-2024-12856, in Four-Faith industrial routers, as well as other devices like Neterbit routers and Vimar smart home devices. This botnet has facilitated widespread DDoS attacks that peaked in October and November. The concentration of botnet activity has resulted in substantial disruptions across various regions, with a significant portion of the infected nodes localized in China, the United States, Iran, Russia, and Turkey. The attacks, which leveraged several N-day and 0-day vulnerabilities, have not only impaired services but also raised concerns about the long-term security implications for affected devices and networks.
Type: DDoS
Attack Vector: Vulnerability ExploitationBotnet
Vulnerability Exploited: CVE-2024-12856
Threat Actor: Gayfemboy Botnet
Title: Gayfemboy Botnet Exploiting Four-Faith Industrial Routers
Description: The Gayfemboy botnet has been exploiting a vulnerability in Four-Faith industrial routers since November 2024 to launch DDoS attacks. This botnet variant, using the Mirai codebase, has integrated N-day and 0-day exploits and has been attacking with over 15,000 daily active nodes. The attacks have targeted various global entities including the U.S and China and have resulted in blackholing traffic and disabling services due to the overwhelming network resources consumed by DDoS. The botnet targets several vulnerabilities across different devices and has disrupted not only Four-Faith routers but also affected other devices like Neterbit routers and Vimar smart home devices. The severity of this attack is predominantly on network resources, causing significant disruption.
Date Detected: November 2024
Type: DDoS Attack
Attack Vector: Exploiting vulnerabilities in industrial routers and smart home devices
Vulnerability Exploited: Four-Faith industrial routersNeterbit routersVimar smart home devices
Threat Actor: Gayfemboy Botnet
Common Attack Types: The most common types of attacks the company has faced is Vulnerability.
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Vulnerabilities in industrial routers and smart home devices.
Systems Affected: Four-Faith industrial routers
Operational Impact: Service interruptions and impaired business operations
Systems Affected: Four-Faith industrial routersNeterbit routersVimar smart home devices
Systems Affected: Four-Faith industrial routersNeterbit routersVimar smart home devices
Operational Impact: Blackholing traffic and disabling services
Entity Name: Four-Faith
Entity Type: Company
Industry: Industrial Routers
Location: ChinaUnited States
Location: ChinaUnited StatesIranRussiaTurkey
Entity Name: Four-Faith
Entity Type: Industrial Router Manufacturer
Industry: Technology
Location: Global
Entity Name: Neterbit
Entity Type: Router Manufacturer
Industry: Technology
Location: Global
Entity Name: Vimar
Entity Type: Smart Home Device Manufacturer
Industry: Technology
Location: Global
Entry Point: Vulnerabilities in industrial routers and smart home devices
Last Attacking Group: The attacking group in the last incident were an Gayfemboy botnet, Gayfemboy Botnet and Gayfemboy Botnet.
Most Recent Incident Detected: The most recent incident detected was on November 2024.
Most Significant System Affected: The most significant system affected in an incident was Four-Faith industrial routersNeterbit routersVimar smart home devices and Four-Faith industrial routersNeterbit routersVimar smart home devices.
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Vulnerabilities in industrial routers and smart home devices.
.png)
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-9 and 6.9.13-34, there is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. This vulnerability is fixed in 7.1.2-9 and 6.9.13-34.
FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. FeehiCMS version 2.1.1 allows authenticated remote attackers to upload files that the server later executes (or stores in an executable location) without sufficient validation, sanitization, or execution restrictions. An authenticated remote attacker can upload a crafted PHP file and cause the application or web server to execute it, resulting in remote code execution (RCE).
PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query.
NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database.
NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.
Get company history
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rapid