CVE-2021-27856
📋 TL;DR
FatPipe WARP, IPVPN, and MPVPN software contains a hardcoded administrative account named 'cmuser' with no password, allowing unauthenticated attackers to gain full administrative control. This affects versions prior to 10.1.2r60p91 and 10.2.2r42, potentially including older versions. Organizations using vulnerable FatPipe networking products are at risk.
💻 Affected Systems
- FatPipe WARP
- FatPipe IPVPN
- FatPipe MPVPN
📦 What is this software?
Ipvpn Firmware by Fatpipeinc
Mpvpn Firmware by Fatpipeinc
Warp Firmware by Fatpipeinc
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of FatPipe device allowing network traffic interception, configuration changes, credential harvesting, and lateral movement into connected networks.
Likely Case
Unauthenticated attackers gain administrative access to FatPipe devices, enabling network disruption, data exfiltration, and persistent backdoor installation.
If Mitigated
Limited impact if devices are not internet-facing and network segmentation prevents lateral movement from compromised devices.
🎯 Exploit Status
Proof of concept details available in public references. Simple authentication bypass via hardcoded credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 10.1.2r60p91 and 10.2.2r42
Vendor Advisory: https://www.fatpipeinc.com/support/cve-list.php
Restart Required: Yes
Instructions:
1. Download the latest firmware from the FatPipe support portal.
2. Back up the current configuration.
3. Apply the firmware update.
4. Reboot the device.
5. Verify that the version is patched.
🔧 Temporary Workarounds
Network Access Control
Restrict administrative access to FatPipe devices to trusted IP addresses only
Change Administrative Credentials
Set strong passwords for all administrative accounts including any default accounts
🧯 If You Can't Patch
- Isolate FatPipe devices in separate network segment with strict firewall rules
- Implement network monitoring for unauthorized administrative access attempts
🔍 How to Verify
Check if Vulnerable:
Check device version via web interface or CLI. Attempt to authenticate with username 'cmuser' and no password.
Check Version:
Check via web interface: System > About, or CLI: show version
Verify Fix Applied:
Verify that the version is 10.1.2r60p91, 10.2.2r42, or newer. An authentication attempt with 'cmuser' and no password should fail.
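The version check above can be scripted across a device inventory. The following is an added example, not vendor or advisory code: it assumes the version layout `<major>.<minor>.<patch>r<release>[p<patchlevel>]` inferred from the two fixed versions, and the names `parse_version` and `patch_status` are hypothetical.

```python
import re

# Fixed releases named in the advisory, one per release branch.
FIXED_RELEASES = ("10.1.2r60p91", "10.2.2r42")

# Assumed layout: <major>.<minor>.<patch>r<release>[p<patchlevel>]
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)r(\d+)(?:p(\d+))?")


def parse_version(text):
    """Split a version string into (branch, (release, patchlevel))."""
    match = _VERSION_RE.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, release, patchlevel = match.groups()
    branch = (int(major), int(minor), int(patch))
    # A missing pNN suffix is treated as patch level 0 (assumption).
    return branch, (int(release), int(patchlevel or 0))


# Maps each fixed branch to its first patched (release, patchlevel).
FIXED_BY_BRANCH = dict(parse_version(v) for v in FIXED_RELEASES)


def patch_status(text):
    """Return 'patched', 'vulnerable' or 'unknown' for a reported version."""
    branch, build = parse_version(text)
    if branch in FIXED_BY_BRANCH:
        return "patched" if build >= FIXED_BY_BRANCH[branch] else "vulnerable"
    if branch < min(FIXED_BY_BRANCH):
        return "vulnerable"  # older branch: advisory says older versions may be affected
    if branch > max(FIXED_BY_BRANCH):
        return "patched"     # advisory: the fixed versions "or newer"
    return "unknown"         # branch between the two fixed ones: confirm with the vendor


if __name__ == "__main__":
    # Constructed sample inventory, not real device data.
    for version in ("10.1.2r60p90", "10.1.2r60p91", "10.2.2r41", "10.2.2r42"):
        print(version, patch_status(version))
```

A result of `unknown` means the branch is not one the advisory names a fix for, so the device needs a manual check rather than being assumed safe.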
📡 Detection & Monitoring
Log Indicators:
- Failed authentication attempts for 'cmuser'
- Successful logins from 'cmuser' account
- Configuration changes from unknown sources
Network Indicators:
- Unusual administrative traffic to FatPipe devices
- Traffic patterns indicating configuration changes
SIEM Query:
source="fatpipe" AND (user="cmuser" OR event="authentication" AND result="success")
🔗 References
- https://www.fatpipeinc.com/support/cve-list.php
- https://www.zeroscience.mk/codes/fatpipe_backdoor.txt
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php