CVE-2021-20038
- EPSS 94.29%
- Veröffentlicht 08.12.2021 10:15:07
- Zuletzt bearbeitet 31.10.2025 17:13:16
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA...
CVE-2021-20035
- EPSS 3.66%
- Veröffentlicht 27.09.2021 18:15:08
- Zuletzt bearbeitet 31.10.2025 17:13:28
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS.
CVE-2021-20034
- EPSS 4.7%
- Veröffentlicht 27.09.2021 18:15:08
- Zuletzt bearbeitet 21.11.2024 05:45:49
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings.
CVE-2021-20028
- EPSS 85.69%
- Veröffentlicht 04.08.2021 19:15:08
- Zuletzt bearbeitet 31.10.2025 17:13:35
Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products, specifically the SRA appliances running all 8.x firmware and 9.0.0.9-26sv or earlier
CVE-2021-20016
- EPSS 79.82%
- Veröffentlicht 04.02.2021 06:15:13
- Zuletzt bearbeitet 31.10.2025 15:56:14
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x...