Detections
Analytics
CVE-2021-20038
critical
Description
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.
References
https://www.theregister.com/2025/07/16/sonicwall_vpn_hijack/
https://www.securityweek.com/sonicwall-sma-appliances-targeted-with-new-overstep-malware/
https://www.databreachtoday.com/hackers-use-backdoor-to-steal-data-from-sonicwall-appliance-a-28979
https://www.darkreading.com/remote-workforce/fully-patched-sonicwall-gear-zero-day-attack
https://therecord.media/sonicwall-sma-100-series-overstep-malware-unc6148
https://thehackernews.com/2025/07/unc6148-backdoors-fully-patched.html
https://cyberscoop.com/sonicwall-sma100-attacks/
https://thehackernews.com/2025/02/ransomhub-becomes-2024s-top-ransomware.html
https://www.sygnia.co/blog/abyss-locker-ransomware-attack-analysis/
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a
https://www.tenable.com/cyber-exposure/tenable-2022-threat-landscape-report
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-040a
https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-117a