PT-2021-7647 · Fatpipe · Fatpipe Warp+2

Published: 2021-11-18 · Updated: 2025-10-24 · CVE-2021-27860

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: FatPipe WARP, IPVPN, and MPVPN versions prior to 10.1.2r60p92 and 10.2.2r44p1

Description: A vulnerability in the web management interface of FatPipe software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem, potentially enabling the execution of arbitrary code with a specially crafted malicious file.

Recommendations: For versions prior to 10.1.2r60p92, update to version 10.1.2r60p92 or later. For versions prior to 10.2.2r44p1, update to version 10.2.2r44p1 or later. As a temporary workaround, consider restricting access to the web management interface to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2023-00811
CVE-2021-27860

Affected Products

Fatpipe Warp
Ipvpn
Mpvpn