FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin Exploit

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Zero Science Lab

Related news

CVE-2021-42336: TWCERT/CC (Taiwan Computer Emergency Response Team / Coordination Center) - 驊鉅數位科技 Easytest Online Learning and Testing Platform - Stored XSS

The learning history page of Easytest has a permission bypass vulnerability. After obtaining an ordinary user's privileges, remote attackers can access other users' and the administrator's account information (except passwords) by crafting URL parameters.

CVE-2021-42335: TWCERT/CC (Taiwan Computer Emergency Response Team / Coordination Center) - 驊鉅數位科技 Easytest Online Learning and Testing Platform - Improper Authorization

The bulletin board management function of the Easytest online learning platform does not filter special characters. After obtaining an ordinary user's privileges, remote attackers can inject JavaScript and carry out a stored XSS attack.

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Backdoor Account

FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 has the hidden administrative account cmuser that has no password and has write access permissions to the device. The user cmuser is not visible in the Users menu list of the application.

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Configuration Disclosure

FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 is vulnerable to an unauthenticated configuration disclosure when a direct object reference is made to the backup archive file using an HTTP GET request.

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Cross Site Request Forgery

The application interface of FatPipe Networks WARP/IPVPN/MPVPN version 10.2.2 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Hidden Backdoor Account (Write Access)

The application has a hidden administrative account 'cmuser' that has no password and has write access permissions to the device. The user cmuser is not visible in the Users menu list of the application.

Zero Science Lab: Latest News

Akuvox Smart Intercom/Doorphone Unauthenticated Stream Disclosure