APT group exploited a zero-day vulnerability in FatPipe VPN for six months


The vulnerability allows an attacker to use the file upload function in the device firmware to install a web shell with root access.

The US Federal Bureau of Investigation has discovered an APT group exploiting a zero-day vulnerability in FatPipe MPVPN network devices to compromise companies' computer systems and gain access to their internal networks.

The attackers have been exploiting the FatPipe MPVPN vulnerability since at least May 2021. The vulnerability allowed the unidentified group to use the file upload function in the device firmware and install a web shell with root access.

Figure: MPVPN deployment diagram

The attacks have targeted only FatPipe MPVPN devices, but the vulnerability also affects other products, including IPVPN and WARP. These are different types of VPN servers that companies install at the perimeter of their networks and use to provide employees with remote access to internal applications over the Internet, acting as a hybrid between a network gateway and a firewall.

As noted by the FBI, the discovered zero-day vulnerability does not currently have a CVE identifier. FatPipe has issued a hotfix and more information on the vulnerability. According to experts, the zero-day can be used to overwrite a device's configuration file, allowing attackers to take full control of unprotected systems.

According to a Shodan search, about 800 FatPipe MPVPN devices are currently connected to the Internet.
