CVE-2016-9682

CRITICAL

SonicWall Secure Remote Access Server 8.1.0.2-14sv - Remote Command Injection via Diagnostics CGI

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-9682. PoCs published by xort.

AI-analyzed exploit summary The exploit demonstrates two command injection vulnerabilities in SonicWall SRA's diagnostics CGI. The 'currentTSREmailTo' and 'tsrDeleteRestartedFile' parameters are improperly escaped, allowing remote command execution as the 'nobody' user via crafted HTTP GET requests.

Description

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out information about the state of the system. The application doesn't properly escape the information passed in the 'tsrDeleteRestartedFile' or 'currentTSREmailTo' variables before making a call to system(), allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account.

Exploits (1)

exploitdb WORKING POC

by xort · textwebappscgi

https://www.exploit-db.com/exploits/42342

View Code ZIP pw:eip

The exploit demonstrates two command injection vulnerabilities in SonicWall SRA's diagnostics CGI. The 'currentTSREmailTo' and 'tsrDeleteRestartedFile' parameters are improperly escaped, allowing remote command execution as the 'nobody' user via crafted HTTP GET requests.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: SonicWall Secure Remote Access (SRA) 8.1.0.2-14sv

Auth required

Prerequisites: Access to the administrative interface · Valid session cookies

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1202 - Indirect Command Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42342/

Release Notes, Vendor Advisory x_refsource_confirm

http://documents.software.dell.com/sonicwall-sma-100-series/8.1.0.7/release-notes/resolved-issues?ParentProduct=868

Various Sources x_refsource_confirm

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2016-0003

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/96375

Scores

CVSS v3 9.8

EPSS 0.2452

EPSS Percentile 96.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-77

Status published

Products (1)

dell/sonicwall_secure_remote_access_server 8.1.0.2-14sv

Published Feb 22, 2017

Tracked Since Feb 18, 2026