QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2021-20039

Back to search

CVE-2021-20039

Published: Dec 8, 2021

Modified: Sep 5, 2025

PUBLISHED

Description

Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

VendorProductVersions

SonicWall

SonicWall SMA100

affected
9.0.0.11-31sv and earlier
affected
10.2.0.8-37sv and earlier
affected
10.2.1.1-19sv and earlier
affected
10.2.1.2-24sv and earlier

Weaknesses (CWE)

CWE-78

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now