CVE-2021-20028
CRITICAL KEV RANSOMWARESonicwall Sma 210 Firmware < 9.0.0.10-28sv - SQL Injection
Title source: ruleDescription
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier
Exploits (1)
Scores
CVSS v3
9.8
EPSS
0.7917
EPSS Percentile
99.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CISA KEV
2022-03-28
VulnCheck KEV
2021-06-08
InTheWild.io
2022-01-27
ENISA EUVD
EUVD-2021-7491
Ransomware Use
Confirmed
CWE
CWE-89
Status
published
Products (6)
sonicwall/sma_210_firmware
8.0.0.0 - 9.0.0.10-28sv
sonicwall/sma_410_firmware
8.0.0.0 - 9.0.0.10-28sv
sonicwall/sma_500v_firmware
8.0.0.0 - 9.0.0.10-28sv
sonicwall/sra_1600_firmware
8.0.0.0 - 9.0.0.10-28sv
sonicwall/sra_4600_firmware
8.0.0.0 - 9.0.0.10-28sv
sonicwall/sra_va_firmware
8.0.0.0 - 9.0.0.10-28sv
Published
Aug 04, 2021
KEV Added
Mar 28, 2022
Tracked Since
Feb 18, 2026