Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability.
2023-12-05T21:15:07.150
2025-05-02T14:15:47.227
Analyzed
CVSSv3.1: 7.2 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | sonicwall | sma_200_firmware | ≤ 10.2.1.9-57sv | Yes |
| Hardware | sonicwall | sma_200 | - | No |
| Operating System | sonicwall | sma_210_firmware | ≤ 10.2.1.9-57sv | Yes |
| Hardware | sonicwall | sma_210 | - | No |
| Operating System | sonicwall | sma_400_firmware | ≤ 10.2.1.9-57sv | Yes |
| Hardware | sonicwall | sma_400 | - | No |
| Operating System | sonicwall | sma_410_firmware | ≤ 10.2.1.9-57sv | Yes |
| Hardware | sonicwall | sma_410 | - | No |
| Operating System | sonicwall | sma_500v_firmware | ≤ 10.2.1.9-57sv | Yes |
| Hardware | sonicwall | sma_500v | - | No |