PT-2021-7647 · Fatpipe · Fatpipe Warp+2
Published
2021-11-18
·
Updated
2025-10-24
·
CVE-2021-27860
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
FatPipe WARP, IPVPN, and MPVPN versions prior to 10.1.2r60p92 and 10.2.2r44p1
Description
A vulnerability in the web management interface of FatPipe software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem, potentially enabling the execution of arbitrary code with a specially crafted malicious file.
Recommendations
For versions prior to 10.1.2r60p92, update to version 10.1.2r60p92 or later.
For versions prior to 10.2.2r44p1, update to version 10.2.2r44p1 or later.
As a temporary workaround, consider restricting access to the web management interface to minimize the risk of exploitation.
Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fatpipe Warp
Ipvpn
Mpvpn