CVE-2021-20038

CRITICAL KEV RANSOMWARE NUCLEI

SonicWall SMA 200 Firmware - Out-of-Bounds Write


Description

A stack-based buffer overflow vulnerability in the SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user on the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliance firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.

Exploits (4)

nomisec WORKING POC 1 stars
by vesperp · poc
https://github.com/vesperp/CVE-2021-20038-SonicWall-RCE
nomisec WORKING POC
by anir0y · poc
https://github.com/anir0y/sonicwall-audit-toolkit
vulncheck_xdb WORKING POC
remote
https://github.com/jbaines-r7/badblood

Nuclei Templates (1)

SonicWall SMA100 Stack - Buffer Overflow/Remote Code Execution
CRITICAL by dwisiswant0, jbaines-r7

Scores

CVSS v3 9.8
EPSS 0.9429
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-01-28
VulnCheck KEV 2022-01-28
InTheWild.io 2022-01-24
ENISA EUVD EUVD-2021-7501
Ransomware Use Confirmed
CWE
CWE-121 CWE-787
Status published
Products (15)
sonicwall/sma_200_firmware 10.2.0.8-37sv
sonicwall/sma_200_firmware 10.2.1.1-19sv
sonicwall/sma_200_firmware 10.2.1.2-24sv
sonicwall/sma_210_firmware 10.2.0.8-37sv
sonicwall/sma_210_firmware 10.2.1.1-19sv
sonicwall/sma_210_firmware 10.2.1.2-24sv
sonicwall/sma_400_firmware 10.2.0.8-37sv
sonicwall/sma_400_firmware 10.2.1.1-19sv
sonicwall/sma_400_firmware 10.2.1.2-24sv
sonicwall/sma_410_firmware 10.2.0.8-37sv
... and 5 more
Published Dec 08, 2021
KEV Added Jan 28, 2022
Tracked Since Feb 18, 2026