CVE-2016-9684

CRITICAL

SonicWall Secure Remote Access Server 8.1.0.2-14sv - Remote Command Injection via viewcert CGI


Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-9684. PoCs published by xort.

AI-analyzed exploit summary: This Metasploit module exploits a command injection vulnerability in Sonicwall SRA's viewcert.cgi CGI script, allowing authenticated remote code execution via crafted input to the CERT parameter.

Description

The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL certificate information. The CGI application doesn't properly escape the information it's passed in the 'CERT' variable before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account.
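A defensive check for the flaw described above, as an added example that is not part of the advisory or of any vendor code: it flags requests to /cgi-bin/viewcert whose CERT value falls outside a conservative allowlist. The allowlist is an assumption about what a legitimate certificate name looks like, and because the page does not say whether CERT travels in the query string or the form body, both are inspected.

```python
import re
from urllib.parse import parse_qs, unquote

VIEWCERT_PATH = "/cgi-bin/viewcert"  # CGI path named in the description
# Assumption: a legitimate CERT value is a short certificate name, so anything
# outside this allowlist (spaces, quotes, ; | & $ ` and so on) is worth an alert.
SAFE_CERT = re.compile(r"[A-Za-z0-9._-]{1,128}")


def cert_values(target, body=""):
    """Collect every CERT value from the query string and a form-encoded body."""
    query = target.partition("?")[2]
    values = []
    for encoded in (query, body):
        values += parse_qs(encoded).get("CERT", [])
    return values


def is_suspicious(target, body=""):
    """True when a viewcert request carries a CERT value outside the allowlist."""
    # Decode the path and collapse repeated slashes before comparing it.
    path = re.sub(r"/{2,}", "/", unquote(target.partition("?")[0]))
    if path.rstrip("/") != VIEWCERT_PATH:
        return False
    return any(not SAFE_CERT.fullmatch(v) for v in cert_values(target, body))


def triage(requests):
    """Return the indexes of (target, body) pairs that should be reviewed."""
    return [i for i, (target, body) in enumerate(requests)
            if is_suspicious(target, body)]


# Constructed sample requests: (request target, form-encoded body).
SAMPLE_REQUESTS = [
    ("/cgi-bin/viewcert", "CERT=newcert-3"),             # plain name
    ("/cgi-bin/viewcert", "CERT=newcert-3%3Becho%20x"),  # ';' and a space
    ("/cgi-bin//viewcert?CERT=a%7Cb", ""),               # '|' in the query
    ("/cgi-bin/other", "CERT=a%3Bb"),                    # different CGI
]

if __name__ == "__main__":
    for i in triage(SAMPLE_REQUESTS):
        print("review:", SAMPLE_REQUESTS[i])
```

Values are compared after one round of URL decoding, so a double-encoded metacharacter still fails the allowlist because the leftover `%` is not permitted.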

Exploits (1)

exploitdb WORKING POC
by xort · ruby · webapps · hardware
https://www.exploit-db.com/exploits/41416


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Sonicwall SRA <= v8.1.0.2-14sv
Auth required
Prerequisites: Valid admin credentials · Network access to the target device
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Various Sources x_refsource_misc
http://pastebin.com/g1e2qU6N
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/96375

Scores

CVSS v3 9.8
EPSS 0.0662
EPSS Percentile 91.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-77
Status published
Products (1)
dell/sonicwall_secure_remote_access_server 8.1.0.2-14sv
Published Feb 22, 2017
Tracked Since Feb 18, 2026