EUVD-2021-14593

Malware in sbrugna...

EUVD-2021-14594

Malware in sbrugna...

VulnCheck KEV: CVE-2021-27856

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002...

VulnCheck KEV: CVE-2021-27860

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem...

FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem...

FatPipe WARP, IPVPN and MPVPN authorization vulnerabilities

FatPipe is a WAN redundancy technology from FatPipe USA that provides companies with automated and dynamic failover due to a WAN component or service failure that results in a data line connection outage.A security vulnerability exists in FatPipe WARP, IPVPN and MPVPN that stems from a lack of...

FatPipe WARP, IPVPN and MPVPN have unspecified vulnerabilities (CNVD-2021-101931)

FatPipe is a WAN redundancy technology from FatPipe USA that provides companies with automated and dynamic failover as a result of a WAN component or service failure resulting in a data line connection outage.FatPipe WARP, IPVPN and MPVPN have a security vulnerability that could be exploited by a...

FatPipe WARP, IPVPN and MPVPN have unspecified vulnerabilities

FatPipe is a WAN redundancy technology from FatPipe USA that provides companies with automated and dynamic failover due to the failure of a WAN component or service resulting in the loss of data line connectivity.A security vulnerability exists in FatPipe WARP, IPVPN and MPVPN, which stems from t...

CVE-2021-27859

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of...

CVE-2021-27855

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this...

Design/Logic Flaw

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this...

Authorization

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of...

Authorization

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some violation of...

CVE-2021-27859

CVE-2021-27859 (FatPipe WARP/IPVPN/MPVPN) is a missing authorization vulnerability in the web management interface that allows an authenticated, read-only user to create an administrative account. Affected versions are FatPipe software prior to 10.1.2r60p91 and 10.2.2 prior to r42; older FatPipe ...

CVE-2021-27857

CVE-2021-27857 describes a missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN. Before versions 10.1.2r60p91 and 10.2.2r42, remote unauthenticated attackers can download a configuration archive, with the hostname used as part of the file name. Old...

CVE-2021-27856

CVE-2021-27856 affects FatPipe WARP/IPVPN/MPVPN software prior to 10.1.2r60p91 and 10.2.2r42. A backdoor admin account named “cmuser” exists with no password, enabling unauthenticated administrative access and potential full device compromise. Connected sources consistently describe the issue as ...

CVE-2021-27855

CVE-2021-27855 affects FatPipe WARP/IPVPN/MPVPN software prior to 10.1.2r60p91 and 10.2.2r42. The vulnerability allows a remote, authenticated user with read-only privileges to elevate to administrative privileges via a privileged action (HTTP/JSON parameter manipulation). Affected versions inclu...

CVE-2021-27860

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006...

CVE-2021-27860

CVE-2021-27860 affects FatPipe WARP, IPVPN, and MPVPN web management interfaces. An unauthenticated remote attacker can upload arbitrary files to any location on the filesystem on affected devices running versions < 10.1.2r60p92 or

CVE-2021-27860

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006...