CVE-2021-20039

HIGH EXPLOITED IN THE WILD

Sonicwall Sma 410 Firmware - OS Command Injection

Title source: rule

Description

Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.

Exploits (1)

metasploit WORKING POC EXCELLENT

by jbaines-r7 · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/sonicwall_cve_2021_20039.rb

View Code ZIP pw:eip

References (3)

[Various Sources] https://attackerkb.com/topics/9szJhq46lw/cve-2021-20039/rapid7-analysis

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/165563/SonicWall-SMA-100-Series-Authenticated-Command-Injection.html

[Vendor Advisory] https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0026

Scores

CVSS v3 8.8

EPSS 0.8246

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-03-30

InTheWild.io 2022-01-27

CWE

CWE-78

Status published

Products (15)

sonicwall/sma_200_firmware 9.0.0.11-31sv

sonicwall/sma_200_firmware 10.2.0.8-37sv

sonicwall/sma_200_firmware 10.2.1.1-19sv

sonicwall/sma_210_firmware 9.0.0.11-31sv

sonicwall/sma_210_firmware 10.2.0.8-37sv

sonicwall/sma_210_firmware 10.2.1.1-19sv

sonicwall/sma_400_firmware 9.0.0.11-31sv

sonicwall/sma_400_firmware 10.2.0.8-37sv

sonicwall/sma_400_firmware 10.2.1.1-19sv

sonicwall/sma_410_firmware 9.0.0.11-31sv

... and 5 more

Published Dec 08, 2021

Tracked Since Feb 18, 2026