CVE-2021-20035

medium

Description

Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.

References

Exploits
More

https://www.securityweek.com/sonicwall-patches-critical-sma-100-vulnerability-warns-of-recent-malware-attack/

https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-rce-flaw-in-sma-100-VPN-appliances/

https://www.theregister.com/2025/07/16/sonicwall_vpn_hijack/

https://www.securityweek.com/sonicwall-sma-appliances-targeted-with-new-overstep-malware/

https://www.databreachtoday.com/hackers-use-backdoor-to-steal-data-from-sonicwall-appliance-a-28979

https://www.darkreading.com/remote-workforce/fully-patched-sonicwall-gear-zero-day-attack

https://www.bleepingcomputer.com/news/security/sonicwall-sma-devices-hacked-with-overstep-rootkit-tied-to-ransomware/

https://therecord.media/sonicwall-sma-100-series-overstep-malware-unc6148

https://thehackernews.com/2025/07/unc6148-backdoors-fully-patched.html

https://cyberscoop.com/sonicwall-sma100-attacks/

https://arstechnica.com/security/2025/07/google-finds-custom-backdoor-being-installed-on-sonicwall-network-devices/

https://cyberscoop.com/sonicwall-exploited-vulnerabilities-surge/

https://www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-patch-vpn-flaw-exploited-in-attacks/

https://thehackernews.com/2025/05/sonicwall-patches-3-flaws-in-sma-100.html

https://www.hipaajournal.com/sonicwall-sma-vulnerabilities-actively-exploited-in-attacks/

https://www.securityweek.com/sonicwall-flags-two-vulnerabilities-as-exploited/

https://thehackernews.com/2025/05/sonicwall-confirms-active-exploitation.html

https://www.bleepingcomputer.com/news/security/sonicwall-sma100-vpn-vulnerabilities-now-exploited-in-attacks/

https://securityaffairs.com/176706/security/attackers-exploited-sonicwall-sma-appliances-since-january-2025.html

https://www.helpnetsecurity.com/2025/04/18/sonicwall-sma100-vulnerability-exploited-by-attackers-cve-2021-20035/

https://www.bleepingcomputer.com/news/security/sonicwall-sma-vpn-devices-targeted-in-attacks-since-january/

https://www.securityweek.com/sonicwall-flags-old-vulnerability-as-actively-exploited/

https://thehackernews.com/2025/04/cisa-flags-actively-exploited.html

https://www.cisa.gov/news-events/alerts/2025/04/16/cisa-adds-one-known-exploited-vulnerability-catalog

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022

Details

Source: Mitre, NVD

Published: 2021-09-27

Updated: 2025-04-17

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H