Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.
2021-09-27T18:15:08.383
2025-10-31T17:13:28.377
Analyzed
CVSSv3.1: 6.5 (MEDIUM)
AV:N/AC:L/Au:S/C:N/I:N/A:C
8.0
6.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | sonicwall | sma_200_firmware | < 9.0.0.11-31sv | Yes |
| Operating System | sonicwall | sma_200_firmware | < 10.2.0.8-37sv | Yes |
| Operating System | sonicwall | sma_200_firmware | < 10.2.1.1-19sv | Yes |
| Hardware | sonicwall | sma_200 | - | No |
| Operating System | sonicwall | sma_210_firmware | < 9.0.0.11-31sv | Yes |
| Operating System | sonicwall | sma_210_firmware | < 10.2.0.8-37sv | Yes |
| Operating System | sonicwall | sma_210_firmware | < 10.2.1.1-19sv | Yes |
| Hardware | sonicwall | sma_210 | - | No |
| Operating System | sonicwall | sma_400_firmware | < 9.0.0.11-31sv | Yes |
| Operating System | sonicwall | sma_400_firmware | < 10.2.0.8-37sv | Yes |
| Operating System | sonicwall | sma_400_firmware | < 10.2.1.1-19sv | Yes |
| Hardware | sonicwall | sma_400 | - | No |
| Operating System | sonicwall | sma_410_firmware | < 9.0.0.11-31sv | Yes |
| Operating System | sonicwall | sma_410_firmware | < 10.2.0.8-37sv | Yes |
| Operating System | sonicwall | sma_410_firmware | < 10.2.1.1-19sv | Yes |
| Hardware | sonicwall | sma_410 | - | No |
| Application | sonicwall | sma_500v | < 9.0.0.11-31sv | Yes |
| Application | sonicwall | sma_500v | < 10.2.0.8-37sv | Yes |
| Application | sonicwall | sma_500v | < 10.2.1.1-19sv | Yes |