FatPipe Networks WARP 10.2.2 Authorization Bypass

`  
FatPipe Networks WARP 10.2.2 Authorization Bypass  
  
  
Vendor: FatPipe Networks Inc.  
Product web page: https://www.fatpipeinc.com  
Affected version: WARP  
10.2.2r38  
10.2.2r25  
10.2.2r10  
10.1.2r60p82  
10.1.2r60p71  
10.1.2r60p65  
10.1.2r60p58s1  
10.1.2r60p58  
10.1.2r60p55  
10.1.2r60p45  
10.1.2r60p35  
10.1.2r60p32  
10.1.2r60p13  
10.1.2r60p10  
9.1.2r185  
9.1.2r180p2  
9.1.2r165  
9.1.2r164p5  
9.1.2r164p4  
9.1.2r164  
9.1.2r161p26  
9.1.2r161p20  
9.1.2r161p17  
9.1.2r161p16  
9.1.2r161p12  
9.1.2r161p3  
9.1.2r161p2  
9.1.2r156  
9.1.2r150  
9.1.2r144  
9.1.2r129  
7.1.2r39  
6.1.2r70p75-m  
6.1.2r70p45-m  
6.1.2r70p26  
5.2.0r34  
  
Summary: FatPipe Networks invented the concept of router-clustering,  
which provides the highest level of reliability, redundancy, and speed  
of Internet traffic for Business Continuity and communications. FatPipe  
WARP achieves fault tolerance for companies by creating an easy method  
of combining two or more Internet connections of any kind over multiple  
ISPs. FatPipe utilizes all paths when the lines are up and running,  
dynamically balancing traffic over the multiple lines, and intelligently  
failing over inbound and outbound IP traffic when ISP services and/or  
components fail.  
  
Desc: Improper access control occurs when the application provides direct  
access to objects based on user-supplied input. As a result of this vulnerability  
attackers can bypass authorization and access resources behind protected  
pages.  
  
Tested on: Apache-Coyote/1.1  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2021-5682  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php  
  
  
30.05.2016  
25.07.2021  
  
--  
  
  
$ curl -vk "https://10.0.0.9/fpui/jsp/index.jsp"  
`