CVE-2021-20016
CRITICAL KEV RANSOMWARESonicWall SMA100 Firmware 10.0.0.0-10.2.0.5-d-29sv - Unauthenticated SQL Injection
Title source: llmExploitation Summary
CVE-2021-20016 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021, with confirmed use in ransomware campaigns.
Description
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.
References (2)
Core 2
Core References
Mitigation, Vendor Advisory x_refsource_confirm
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0001
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-20016
Scores
CVSS v3
9.8
EPSS
0.7982
EPSS Percentile
99.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
total
Details
CISA KEV
2021-11-03
VulnCheck KEV
2021-04-29
InTheWild.io
2021-01-31
ENISA EUVD
EUVD-2021-7479
Ransomware Use
Confirmed
CWE
CWE-89
Status
published
Products (6)
sonicwall/sma_100_firmware
10.0.0.0 - 10.2.0.5-d-29sv
sonicwall/sma_200_firmware
sonicwall/sma_210_firmware
sonicwall/sma_400_firmware
sonicwall/sma_410_firmware
sonicwall/sma_500v
Published
Feb 04, 2021
KEV Added
Nov 03, 2021
Tracked Since
Feb 18, 2026