← back
CVE-2021-20034

CVE-2021-20034

EPSS 80.7%CWE-284
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.
Affected products
SonicWall · SMA100
public PoCs found2
cve_referencepacketstormsecurity.com/files/164564/SonicWall-SMA-10.2.1.0-17sv-Password-Reset.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50430unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/164564/SonicWall-SMA-10.2.1.0-17sv-Password-Reset.htmlhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0021