CVE-2021-27858

MEDIUM NUCLEI

FatPipe WARP/IPVPN/MPVPN <10.1.2r60p91-10.2.2r42 - Info Disclosure

Title source: llm

Description

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004.

Nuclei Templates (1)

FatPipe WARP/IPVPN/MPVPN - Authorization Bypass
MEDIUMVERIFIEDby gy741

References (3)

Scores

CVSS v3 5.3
EPSS 0.3240
EPSS Percentile 96.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-862
Status published
Products (10)
fatpipeinc/ipvpn_firmware 5.2.0 r34
fatpipeinc/ipvpn_firmware 6.1.2 r70p26 (3 CPE variants)
fatpipeinc/ipvpn_firmware 7.1.2 r39
fatpipeinc/ipvpn_firmware 9.1.2 r129 (17 CPE variants)
fatpipeinc/ipvpn_firmware 10.1.2 r60p10 (11 CPE variants)
fatpipeinc/ipvpn_firmware 10.2.2 r10 (3 CPE variants)
fatpipeinc/mpvpn_firmware 5.2.0 r34
fatpipeinc/mpvpn_firmware 6.1.2 r70p26 (3 CPE variants)
fatpipeinc/mpvpn_firmware 7.1.2 r39
fatpipeinc/mpvpn_firmware 9.1.2 r129 (9 CPE variants)
Published Dec 15, 2021
Tracked Since Feb 18, 2026