CVE-2016-9683

CRITICAL

SonicWall Secure Remote Access Server 8.1.0.2-14sv - Remote Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-9683. PoCs published by xort.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability in Sonicwall SRA appliances (version <= 8.1.0.2-14sv) via the `extensionsettings.cgi` script. It authenticates with provided credentials, then injects commands through the `diagnostics` endpoint to achieve remote code execution.

Description

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for handling some of the server's internal configurations. The CGI application doesn't properly escape the information it's passed when processing a particular multi-part form request involving scripts. The filename of the 'scriptname' variable is read in unsanitized before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. This is SonicWall Issue ID 181195.

Exploits (1)

exploitdb WORKING POC

by xort · rubywebappshardware

https://www.exploit-db.com/exploits/41415

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in Sonicwall SRA appliances (version <= 8.1.0.2-14sv) via the `extensionsettings.cgi` script. It authenticates with provided credentials, then injects commands through the `diagnostics` endpoint to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Sonicwall SRA <= 8.1.0.2-14sv

Auth required

Prerequisites: Valid admin credentials · Network access to the target appliance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources x_refsource_confirm

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2016-0004

Release Notes, Vendor Advisory x_refsource_confirm

http://documents.software.dell.com/sonicwall-sma-100-series/8.1.0.7/release-notes/resolved-issues?ParentProduct=868

Various Sources x_refsource_misc

http://pastebin.com/eJbeXgBr

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/96375

Scores

CVSS v3 9.8

EPSS 0.2197

EPSS Percentile 95.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-77

Status published

Products (1)

dell/sonicwall_secure_remote_access_server 8.1.0.2-14sv

Published Feb 22, 2017

Tracked Since Feb 18, 2026