CVE-2021-20035

Published: Sep 27, 2021Modified: Oct 31, 2025CISA KEV

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.

Affected (15)

Products: Sonicwall: Sma 200 Firmware, Sma 210 Firmware, Sma 400 Firmware, Sma 410 Firmware, Sma 500v

5 products

Configuration A

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sonicwall Sma 200 Firmware	Before 9.0.0.11-31sv
Sonicwall Sma 200 Firmware	From 10.2.0.0 to 10.2.0.8-37sv
Sonicwall Sma 200 Firmware	From 10.2.1.0 to 10.2.1.1-19sv

Running on/with	Platform Versions
Sonicwall Sma 200	All versions

Configuration B

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sonicwall Sma 210 Firmware	Before 9.0.0.11-31sv
Sonicwall Sma 210 Firmware	From 10.2.0.0 to 10.2.0.8-37sv
Sonicwall Sma 210 Firmware	From 10.2.1.0 to 10.2.1.1-19sv

Running on/with	Platform Versions
Sonicwall Sma 210	All versions

Configuration C

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sonicwall Sma 400 Firmware	Before 9.0.0.11-31sv
Sonicwall Sma 400 Firmware	From 10.2.0.0 to 10.2.0.8-37sv
Sonicwall Sma 400 Firmware	From 10.2.1.0 to 10.2.1.1-19sv

Running on/with	Platform Versions
Sonicwall Sma 400	All versions

Configuration D

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sonicwall Sma 410 Firmware	Before 9.0.0.11-31sv
Sonicwall Sma 410 Firmware	From 10.2.0.0 to 10.2.0.8-37sv
Sonicwall Sma 410 Firmware	From 10.2.1.0 to 10.2.1.1-19sv