CVE-2021-20035

CVSS 6.5 MEDIUM · EPSS 3.9% · KEV · CWE-78
In short

The SMA100 management interface fails to properly filter user input, allowing authenticated users to inject system commands that execute with limited privileges, potentially causing service disruptions.

Technical detail

A CWE-78 command injection vulnerability: the SMA100 management interface lacks proper input sanitization, enabling authenticated attackers to inject arbitrary OS commands that execute as the 'nobody' user. Exploitation requires valid authentication credentials and can result in denial-of-service conditions.

Summary generated and translated by AI from the official description.
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected products
SonicWall · SMA100
