CVE-2021-27860
📋 TL;DR
This vulnerability allows remote, unauthenticated attackers to upload arbitrary files to any location on the filesystem of FatPipe WARP, IPVPN, and MPVPN devices. This affects all systems running vulnerable versions of FatPipe software with the web management interface exposed. Attackers can leverage this to achieve remote code execution or system compromise.
💻 Affected Systems
- FatPipe WARP
- FatPipe IPVPN
- FatPipe MPVPN
📦 What is this software?
Ipvpn Firmware by Fatpipeinc
Mpvpn Firmware by Fatpipeinc
Warp Firmware by Fatpipeinc
⚠️ Risk & Real-World Impact
Worst Case
Complete system takeover via remote code execution, installation of persistent backdoors, data exfiltration, and lateral movement within the network.
Likely Case
Remote code execution leading to malware deployment, credential theft, and network reconnaissance.
If Mitigated
Limited impact if web management interface is not internet-facing and network segmentation restricts access.
🎯 Exploit Status
Exploitation is trivial - requires only HTTP requests to upload files. CISA lists this as known exploited in the wild.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 10.1.2r60p92 or 10.2.2r44p1
Vendor Advisory: https://www.fatpipeinc.com/support/cve-list.php
Restart Required: Yes
Instructions:
1. Download the patched firmware from FatPipe support portal.
2. Backup current configuration.
3. Upload and install the new firmware through the web interface.
4. Reboot the device.
5. Verify the version is updated.
🔧 Temporary Workarounds
Disable Web Management Interface
all: Disable the vulnerable web interface and use alternative management methods
Network Access Control
linux: Restrict access to the management interface using firewall rules
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP
🧯 If You Can't Patch
- Immediately restrict network access to the management interface using firewall rules
- Implement network segmentation to isolate vulnerable devices from critical systems
🔍 How to Verify
Check if Vulnerable:
Check the firmware version in the web interface under System > Status > Firmware Version
Check Version:
Log in to the web interface and navigate to System > Status, or check via CLI if available
Verify Fix Applied:
Verify the firmware version is 10.1.2r60p92 or higher for 10.1.x, or 10.2.2r44p1 or higher for 10.2.x
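The version check above has to be done numerically per field, because a plain string comparison ranks `r7` above `r60` and `p100` below `p92`. The following is an added example, not FatPipe code; it assumes the version layout `<major>.<minor>.<patch>r<release>[p<patchlevel>]` inferred from the two fixed versions named on this page, and it reports `unknown` for any branch the page does not name.

```python
import re

# Fixed releases per branch, taken from the advisory text on this page.
FIXED = {(10, 1): (10, 1, 2, 60, 92), (10, 2): (10, 2, 2, 44, 1)}

# Assumed layout: <major>.<minor>.<patch>r<release>[p<patchlevel>]
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)r(\d+)(?:p(\d+))?$")


def parse_version(text):
    """Return a 5-tuple of ints, or None if the string does not match."""
    m = _VERSION.match(text.strip())
    if m is None:
        return None
    # Assumption: a missing p<N> suffix means patch level 0.
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def fix_status(text):
    """Return 'fixed', 'vulnerable' or 'unknown' for a firmware string."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Branch not named on this page: do not guess either way.
        return "unknown"
    # Tuple comparison is field-by-field and numeric.
    return "fixed" if version >= fixed else "vulnerable"


if __name__ == "__main__":
    # Constructed sample strings, not taken from real devices.
    for sample in ("10.1.2r60p92", "10.1.2r60p100", "10.1.2r7p99",
                   "10.2.2r44p1", "10.2.2r10p5", "9.9.9r1", "n/a"):
        print(f"{sample:16} {fix_status(sample)}")
```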
📡 Detection & Monitoring
Log Indicators:
- Unusual file upload activity in web server logs
- Multiple failed upload attempts followed by successful upload
- Requests to unusual file paths
Network Indicators:
- HTTP POST requests to file upload endpoints from unexpected sources
- Unusual outbound connections from the FatPipe device
SIEM Query:
source="fatpipe_logs" AND ((http_method="POST" AND uri CONTAINS "upload") OR (http_status=200 AND file_extension IN (".php", ".jsp", ".asp", ".exe")))
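The log and network indicators above can also be checked offline against exported web access logs. This is an added example, not vendor tooling; it assumes common log format lines and a management subnet of `10.0.50.0/24`, and the sample lines, paths and addresses are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

MGMT_NET = ipaddress.ip_network("10.0.50.0/24")  # assumed admin subnet
SUSPECT_EXT = (".php", ".jsp", ".asp", ".exe")   # list from the SIEM query
# Assumed log layout: common log format (src ident user [time] "req" status size).
LINE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')

def from_mgmt(src):
    try:
        return ipaddress.ip_address(src) in MGMT_NET
    except ValueError:  # hostname or garbage in the source field
        return False

def scan(lines, min_failures=2):
    """Return (line_no, src, reasons) for each line matching an indicator."""
    failed, hits = Counter(), []
    for n, line in enumerate(lines, 1):
        m = LINE.match(line)
        if m is None:
            continue
        src, status = m["src"], int(m["status"])
        path = urlsplit(m["uri"]).path.lower()  # drop the query string
        reasons = []
        if m["method"] == "POST" and "upload" in path:
            reasons.append("upload-post")
            if status >= 400:
                failed[src] += 1
            elif failed[src] >= min_failures:
                reasons.append("success-after-failures")
        if status == 200 and path.endswith(SUSPECT_EXT):
            reasons.append("suspect-extension")
        if reasons and not from_mgmt(src):
            reasons.append("unexpected-source")
        if reasons:
            hits.append((n, src, reasons))
    return hits

# Constructed sample lines; paths and addresses are placeholders.
SAMPLE = [
    '10.0.50.12 - admin [01/Jan/2022:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2022:10:01:00 +0000] "POST /example/upload HTTP/1.1" 403 0',
    '203.0.113.9 - - [01/Jan/2022:10:01:02 +0000] "POST /example/upload HTTP/1.1" 403 0',
    '203.0.113.9 - - [01/Jan/2022:10:01:05 +0000] "POST /example/upload HTTP/1.1" 200 17',
    '203.0.113.9 - - [01/Jan/2022:10:01:09 +0000] "GET /example/a.php?x=1 HTTP/1.1" 200 88',
]
```

Calling `scan(SAMPLE)` returns hits for lines 2 through 5; adjust `MGMT_NET` and the line pattern to the device's actual log export before relying on the results.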